diff options
| author | Artur Grabowski <art@cvs.openbsd.org> | 2001-08-18 03:32:17 +0000 |
|---|---|---|
| committer | Artur Grabowski <art@cvs.openbsd.org> | 2001-08-18 03:32:17 +0000 |
| commit | 3f31c981b1a74d2ecb49a95f024d91fda9334da9 (patch) | |
| tree | dd70740acafee7540a927682344dd670f5212846 /sbin/sysctl | |
| parent | a33427cdc74e87f3a511989dc14ddfedf42e80a4 (diff) | |
Add a possibility to add a random offset to the stack on exec. This makes
it slightly harder to write generic buffer overflows. This doesn't really
give any real security, but it raises the bar for script-kiddies and it's
really cheap.
The range of the random offsets is controlled by the sysctl
kern.stackgap_random (must be a power of 2).
This is disabled by default right now, but we'll set it to a reasonable value
(1024?) soon, after some more testing.
Diffstat (limited to 'sbin/sysctl')
| -rw-r--r-- | sbin/sysctl/sysctl.8 | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 6dc881d6aa8..ee77fb33c15 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.67 2001/07/05 08:42:14 jjbg Exp $ +.\" $OpenBSD: sysctl.8,v 1.68 2001/08/18 03:32:16 art Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -148,6 +148,7 @@ privilege can change the value. .It kern.fscale int no .It kern.ccpu u_int no .It kern.nprocs int no +.It kern.stackgap_random int yes .It vm.loadavg struct no .It vm.psstrings struct no .It vm.swapencrypt.enable integer yes |