upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-11 01:30:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Improve the stack clash protection description.

Browse source 
Despite not being mentioned in the docs of gcc and clang, the stack
clash protection is architecture / implementation dependent.
Reported by:	jrtc27
This commit is contained in:
Alexander Leidinger 2025-01-29 09:32:00 +01:00
parent 6dcdd79a25
commit e91117fa8e
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
share/man/man7/mitigations.7
View file

@ -28,7 +28,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 25, 2025
.Dd January 29, 2025
.Dt MITIGATIONS 7
.Os
.Sh NAME
@ -244,8 +244,9 @@ and it is possible that some applications may not function correctly.
.Fx
supports stack overflow protection using the Stack Smashing Protector
.Pq SSP
compiler feature,
and stack clash protection.
compiler feature.
Stack clash protection is also enabled,
if supported by the compiler for the given architecture.
In userland, SSP adds a per-process randomized canary at the end of every stack
frame which is checked for corruption upon return from the function,
and stack probing in