diff options
| author | Brian Gianforcaro <bgianf@serenityos.org> | 2021-05-05 02:44:25 -0700 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2021-05-05 12:24:16 +0200 |
| commit | 56fccf1667503ee25ba57ad7d2f4163ccc216c0e (patch) | |
| tree | 48ca0f19e33be04752701eaffef9c0e3af4b3d69 /Base/usr/share/man/man7 | |
| parent | 325e491d345ec1821cfb3c39e2b9459f53f2eba8 (diff) | |
| download | serenity-56fccf1667503ee25ba57ad7d2f4163ccc216c0e.zip | |
Base: Minor cleanup of a few man pages.
- Fix some typos and formatting.
- Add links to Mitigations from unveil / pledge.
Diffstat (limited to 'Base/usr/share/man/man7')
| -rw-r--r-- | Base/usr/share/man/man7/Mitigations.md | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md index 426468ed86..966fe9a982 100644 --- a/Base/usr/share/man/man7/Mitigations.md +++ b/Base/usr/share/man/man7/Mitigations.md @@ -23,7 +23,6 @@ Author: Andreas Kling <awesomekling@gmail.com> Date: Wed Jan 1 01:56:58 2020 +0100 Kernel: Enable x86 SMEP (Supervisor Mode Execution Protection) - ``` ### SMAP (Supervisor Mode Access Prevention) @@ -133,7 +132,7 @@ Kernel: KUBSAN! (Kernel Undefined Behavior SANitizer) :^) ### Kernel unmap-after-init -Umap-after-init allows the kerenel to remove functions which contain potentially +Umap-after-init allows the kernel to remove functions which contain potentially dangerous [ROP gadgets](https://en.wikipedia.org/wiki/Return-oriented_programming) from kernel memory after we've booted up and they are no longer needed. Notably the `write_cr4(..)` function used to control processor features like the SMEP/SMAP bits @@ -158,7 +157,7 @@ Kernel: Add .unmap_after_init section for code we don't need after init in the linker and loader that hardens the data sections of an ELF binary. When enabled, it segregates function pointers resolved by the dynamic loader -into a separate section of the runtie executable memory, and allows the loader +into a separate section of the runtime executable memory, and allows the loader to make that memory read-only before passing control to the main executable. This prevents attackers from overwriting the [Global Offset Table (GOT)](https://en.wikipedia.org/wiki/Global_Offset_Table). @@ -218,8 +217,8 @@ Kernel+LibC: Build with basic -fstack-protector support ``` It was later re-enabled and refined to `-fstack-protector-strong` in the following commits: -``` +``` commit fd08c93ef57f71360d74b035214c71d7f7bfc5b8 Author: Brian Gianforcaro <b.gianfo@gmail.com> Date: Sat Jan 2 04:27:35 2021 -0800 |