Liav A
751aae77bc
Kernel: Rename /sys/kernel/variables => /sys/kernel/conf
...
The name "variables" is a bit awkward and what the directory entries are
really about is kernel configuration so let's make it clear with the new
name.
2023-08-27 22:50:22 +02:00
Ben Wiederhake
ee47c0275e
Everywhere: Run spellcheck on all documentation
2023-05-07 01:05:09 +02:00
Liav A
8289759f1d
Kernel: Allow configuring a Jail to not impose PID isolation restriction
...
This is quite useful for userspace applications that can't cope with the
restriction, but it's still useful to impose other non-configurable
restrictions by using jails.
2023-04-24 12:15:29 +02:00
Ben Wiederhake
b272b45137
Meta: Fix link to relocated intel.com webpage
...
Using archive.org, it appears that this page has moved at some point
between May 14, 2021, and December 22, 2022, for no discernible reason.
2022-12-31 13:00:13 -05:00
Ben Wiederhake
21b7c32af0
Meta: Fix link to wrong version of commit in Mitigations.md
...
The old commit seems to be the one from the PR, hence it is not in the
master branch.
2022-12-31 13:00:13 -05:00
Liav A
e598f22768
Kernel: Disallow executing SUID binaries if process is jailed
...
Check if the process we are currently running is in a jail, and if that
is the case, fail early with the EPERM error code.
Also, as Brian noted, we should also disallow attaching to a jail in
case of already running within a setid executable, as this leaves the
user with false thinking of being secure (because you can't exec new
setid binaries), but the current program is still marked setid, which
means that at the very least we gained permissions while we didn't
expect it, so let's block it.
2022-12-30 15:49:37 -05:00
Liav A
2b5d7a8a72
Base: Mention new immutable memory mappings security feature
2022-12-22 20:32:57 -08:00
Liav A
905becc991
Base: Add a note about Jails open access in the Mitigations(7) document
2022-12-09 23:09:00 -07:00
Liav A
756d2a7f63
Base: Add a description about Jails to the Mitigations(7) document
...
We add a new document entry to mention jailed processes' restrictions,
so it is clear which restrictions apply when using Jails.
2022-12-03 05:47:58 -07:00
Brian Gianforcaro
b7c50f7094
Base: Add -ftrivial-auto-var-init to man7/Mitigations.md
2022-07-09 00:53:45 +00:00
Idan Horowitz
d6eeb05bf9
Base: Add KASLR to Mitigations(7)
2022-03-23 19:49:49 +02:00
Idan Horowitz
b880b64446
Base: Add UMIP to Mitigations(7)
2022-03-23 19:49:49 +02:00
kleines Filmröllchen
98c0c5e9e6
Help+Base: Add help://man URLs for links between man pages
...
The URLs of the form `help://man/<section>/<page>` link to another help
page inside the help application. All previous relative page links are
replaced by this new form. This doesn't change any behavior but it looks
much nicer :^)
Note that man doesn't handle these new links, but the previous relative
links didn't work either.
2022-01-11 00:24:57 +01:00
Ben Wiederhake
a59fc324bd
Base: Document readonly atexit mitigation
2021-11-11 12:50:18 +00:00
Nico Weber
97d27c312a
Base: Fix typos
2021-10-01 01:18:52 +01:00
Brian Gianforcaro
8fcdc255ff
man: Add "-z separate-code" to man7/Mitigations.md
...
Update the mitigations documentation with the latest mitigation.
2021-09-28 10:57:00 +02:00
Ben Wiederhake
6fe82889fb
Base: Fix Markdown casing in headings
2021-09-11 15:17:44 +02:00
Brian Gianforcaro
c95ac83367
Base: Mitigations(7) add -fzero-call-used-regs and Process Protection
...
Update the man page to describe more mitigations that we have applied.
2021-07-26 13:08:37 +04:30
Mart G
e81d35995e
Base: Fix a spelling error in the mitigations man page
2021-05-10 17:44:30 +01:00
Brendan Coles
aee735889e
Base: Fix typos and spelling errors in man pages
2021-05-05 12:22:08 +01:00
Brian Gianforcaro
56fccf1667
Base: Minor cleanup of a few man pages.
...
- Fix some typos and formatting.
- Add links to Mitigations from unveil / pledge.
2021-05-05 12:24:16 +02:00
Emanuele Torre
1f81bc6879
Everywhere: Remove unnecessary whitespace at the end of some lines.
2021-03-08 09:20:53 +01:00
Andreas Kling
8fd86fe6c9
Base: Do a little copy-editing in Mitigations(7)
2021-02-20 11:37:55 +01:00
Andreas Kling
7e959d7430
Base: Fix a broken commit link in Mitigations(7)
2021-02-20 09:32:40 +01:00
Brian Gianforcaro
0d196d14d2
Base: Document more of the mitigations in man7/Mitigations.md
...
Document:
* Unmap After Init
* RELRO
* -fstack-clash-protection
* -fstack-protector / -fstack-protector-strong
2021-02-20 09:01:02 +01:00
Brian Gianforcaro
a5f879ea8c
Base: Add a man page documenting security mitigations
...
Since so much work is being put into mitigations, I thought
it would be nice to track them all in one place. This is the
start of that document.
2021-02-15 15:25:01 +01:00