[src/trunk]: src/share/man/man8 Note the 'vm.user_va0_disable', labelled as "...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/share/man/man8 Note the 'vm.user_va0_disable', labelled as "...
From: jruoho <jruoho%NetBSD.org@localhost>
Date: Mon, 06 Apr 2020 19:40:33 +0000

details:   https://anonhg.NetBSD.org/src/rev/c92bd7b910d4
branches:  trunk
changeset: 759940:c92bd7b910d4
user:      jruoho <jruoho%NetBSD.org@localhost>
date:      Tue Dec 21 08:50:18 2010 +0000

description:
Note the 'vm.user_va0_disable', labelled as "protections against NULL
pointer dereferences".

diffstat:

 share/man/man8/security.8 |  41 +++++++++++++++++++++++++++++++++++++++--
 1 files changed, 39 insertions(+), 2 deletions(-)

diffs (69 lines):

diff -r f617ece3a7a0 -r c92bd7b910d4 share/man/man8/security.8
--- a/share/man/man8/security.8 Tue Dec 21 08:11:21 2010 +0000
+++ b/share/man/man8/security.8 Tue Dec 21 08:50:18 2010 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: security.8,v 1.27 2010/12/19 08:31:38 jruoho Exp $
+.\" $NetBSD: security.8,v 1.28 2010/12/21 08:50:18 jruoho Exp $
 .\"
 .\" Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd December 19, 2010
+.Dd December 21, 2010
 .Dt SECURITY 8
 .Os
 .Sh NAME
@@ -95,6 +95,10 @@
 .It
 bounds checked libc functions
 .Pq Tn FORTIFY_SOURCE
+.It
+Protections against
+.Dv NULL
+pointer dereferences
 .El
 .Ss PaX ASLR
 .Em PaX ASLR
@@ -332,6 +336,39 @@
 .Bd -literal -offset indent
 USE_FORT=yes
 .Ed
+.Ss Protections against NULL pointer dereferences
+A certain class of attacks rely on kernel bugs that dereference
+.Dv NULL
+pointers.
+If user processes are allowed to map the virtual address 0 with
+.Xr mmap 2
+or by other means, there is a risk that code or data
+can be injected into the kernel address space.
+.Pp
+In
+.Nx
+it is possible to restrict whether user processes are
+allowed to make mappings at the zero address.
+By default, address 0 mappings are restricted
+on the i386 and amd64 architectures.
+It is however known that some third-party programs
+may not function properly with the restriction.
+Such mappings can be allowed either by using the
+.Dv USER_VA0_DISABLE_DEFAULT
+kernel configuration
+.Xr option 4
+or by changing the following variable at runtime:
+.Bd -literal -offset indent
+# sysctl -w vm.user_va0_disable=0
+.Ed
+.Pp
+Note that if
+.Em securelevel
+(see
+.Xr secmodel_securelevel 9 )
+is greater than zero, it is not possible to change the
+.Xr sysctl 8
+variable.
 .Sh PER-USER TEMPORARY STORAGE
 It is possible to configure per-user temporary storage to avoid potential
 security issues (race conditions, etc.) in programs that do not make secure

Prev by Date: [src/trunk]: src/share/man/man9 Note vm.user_va0_disable.
Next by Date: [src/trunk]: src/tests/lib/libc/stdio Migrate a few more tests from old regre...
Previous by Thread: [src/trunk]: src/share/man/man9 Note vm.user_va0_disable.
Next by Thread: [src/trunk]: src/tests/lib/libc/stdio Migrate a few more tests from old regre...
Indexes:

Home | Main Index | Thread Index | Old Index