Ben Wiederhake 
								
							 
						 
						
							
							
							
							
								
							
							
								b272b45137 
								
							 
						 
						
							
							
								
								Meta: Fix link to relocated intel.com webpage  
							
							... 
							
							
							
							Using archive.org, it appears that this page has moved at some point
between May 14, 2021, and December 22, 2022, for no discernible reason. 
							
						 
						
							2022-12-31 13:00:13 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ben Wiederhake 
								
							 
						 
						
							
							
							
							
								
							
							
								21b7c32af0 
								
							 
						 
						
							
							
								
								Meta: Fix link to wrong version of commit in Mitigations.md  
							
							... 
							
							
							
							The old commit seems to be the one from the PR, hence it is not in the
master branch. 
							
						 
						
							2022-12-31 13:00:13 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Liav A 
								
							 
						 
						
							
							
							
							
								
							
							
								e598f22768 
								
							 
						 
						
							
							
								
								Kernel: Disallow executing SUID binaries if process is jailed  
							
							... 
							
							
							
							Check if the process we are currently running is in a jail, and if that
is the case, fail early with the EPERM error code.
Also, as Brian noted, we should also disallow attaching to a jail in
case of already running within a setid executable, as this leaves the
user with false thinking of being secure (because you can't exec new
setid binaries), but the current program is still marked setid, which
means that at the very least we gained permissions while we didn't
expect it, so let's block it. 
							
						 
						
							2022-12-30 15:49:37 -05:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Liav A 
								
							 
						 
						
							
							
							
							
								
							
							
								2b5d7a8a72 
								
							 
						 
						
							
							
								
								Base: Mention new immutable memory mappings security feature  
							
							
							
						 
						
							2022-12-22 20:32:57 -08:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Liav A 
								
							 
						 
						
							
							
							
							
								
							
							
								905becc991 
								
							 
						 
						
							
							
								
								Base: Add a note about Jails open access in the Mitigations(7) document  
							
							
							
						 
						
							2022-12-09 23:09:00 -07:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Liav A 
								
							 
						 
						
							
							
							
							
								
							
							
								756d2a7f63 
								
							 
						 
						
							
							
								
								Base: Add a description about Jails to the Mitigations(7) document  
							
							... 
							
							
							
							We add a new document entry to mention jailed processes' restrictions,
so it is clear which restrictions apply when using Jails. 
							
						 
						
							2022-12-03 05:47:58 -07:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brian Gianforcaro 
								
							 
						 
						
							
							
							
							
								
							
							
								b7c50f7094 
								
							 
						 
						
							
							
								
								Base: Add -ftrivial-auto-var-init to man7/Mitigations.md  
							
							
							
						 
						
							2022-07-09 00:53:45 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Idan Horowitz 
								
							 
						 
						
							
							
							
							
								
							
							
								d6eeb05bf9 
								
							 
						 
						
							
							
								
								Base: Add KASLR to Mitigations(7)  
							
							
							
						 
						
							2022-03-23 19:49:49 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Idan Horowitz 
								
							 
						 
						
							
							
							
							
								
							
							
								b880b64446 
								
							 
						 
						
							
							
								
								Base: Add UMIP to Mitigations(7)  
							
							
							
						 
						
							2022-03-23 19:49:49 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									kleines Filmröllchen 
								
							 
						 
						
							
							
							
							
								
							
							
								98c0c5e9e6 
								
							 
						 
						
							
							
								
								Help+Base: Add help://man URLs for links between man pages  
							
							... 
							
							
							
							The URLs of the form `help://man/<section>/<page>` link to another help
page inside the help application. All previous relative page links are
replaced by this new form. This doesn't change any behavior but it looks
much nicer :^)
Note that man doesn't handle these new links, but the previous relative
links didn't work either. 
							
						 
						
							2022-01-11 00:24:57 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ben Wiederhake 
								
							 
						 
						
							
							
							
							
								
							
							
								a59fc324bd 
								
							 
						 
						
							
							
								
								Base: Document readonly atexit mitigation  
							
							
							
						 
						
							2021-11-11 12:50:18 +00:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Nico Weber 
								
							 
						 
						
							
							
							
							
								
							
							
								97d27c312a 
								
							 
						 
						
							
							
								
								Base: Fix typos  
							
							
							
						 
						
							2021-10-01 01:18:52 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brian Gianforcaro 
								
							 
						 
						
							
							
							
							
								
							
							
								8fcdc255ff 
								
							 
						 
						
							
							
								
								man: Add "-z seperate-code" to man7/Mitigations.md  
							
							... 
							
							
							
							Update the mitigations documentation with the lateest mitigation. 
							
						 
						
							2021-09-28 10:57:00 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Ben Wiederhake 
								
							 
						 
						
							
							
							
							
								
							
							
								6fe82889fb 
								
							 
						 
						
							
							
								
								Base: Fix Markdown casing in headings  
							
							
							
						 
						
							2021-09-11 15:17:44 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brian Gianforcaro 
								
							 
						 
						
							
							
							
							
								
							
							
								c95ac83367 
								
							 
						 
						
							
							
								
								Base: Mitigations(7) add -fzero-call-used-regs and Process Protection  
							
							... 
							
							
							
							Update the man page to describe more mitigations that we have applied. 
							
						 
						
							2021-07-26 13:08:37 +04:30 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Mart G 
								
							 
						 
						
							
							
							
							
								
							
							
								e81d35995e 
								
							 
						 
						
							
							
								
								Base: Fix a spelling error in the mitigations man page  
							
							
							
						 
						
							2021-05-10 17:44:30 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brendan Coles 
								
							 
						 
						
							
							
							
							
								
							
							
								aee735889e 
								
							 
						 
						
							
							
								
								Base: Fix typos and spelling errors in man pages  
							
							
							
						 
						
							2021-05-05 12:22:08 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brian Gianforcaro 
								
							 
						 
						
							
							
							
							
								
							
							
								56fccf1667 
								
							 
						 
						
							
							
								
								Base: Minor cleanup of a few man pages.  
							
							... 
							
							
							
							- Fix some typos and formatting.
- Add links to Mitigations from unveil / pledge. 
							
						 
						
							2021-05-05 12:24:16 +02:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Emanuele Torre 
								
							 
						 
						
							
							
							
							
								
							
							
								1f81bc6879 
								
							 
						 
						
							
							
								
								Everywhere: Remove unnecessary whitespace at the end of some lines.  
							
							
							
						 
						
							2021-03-08 09:20:53 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas Kling 
								
							 
						 
						
							
							
							
							
								
							
							
								8fd86fe6c9 
								
							 
						 
						
							
							
								
								Base: Do a little copy-editing in Mitigations(7)  
							
							
							
						 
						
							2021-02-20 11:37:55 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Andreas Kling 
								
							 
						 
						
							
							
							
							
								
							
							
								7e959d7430 
								
							 
						 
						
							
							
								
								Base: Fix a broken commit link in Mitigations(7)  
							
							
							
						 
						
							2021-02-20 09:32:40 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brian Gianforcaro 
								
							 
						 
						
							
							
							
							
								
							
							
								0d196d14d2 
								
							 
						 
						
							
							
								
								Base: Document more the mitigations in man7/Mitigations.md  
							
							... 
							
							
							
							Document:
* Unmap After Init
* RELRO
* -fstack-clash-protection
* -fstack-protector / -fstack-protector-strong 
							
						 
						
							2021-02-20 09:01:02 +01:00 
							
								 
							
							
								 
							
						 
					 
				
					
						
							
								
								
									Brian Gianforcaro 
								
							 
						 
						
							
							
							
							
								
							
							
								a5f879ea8c 
								
							 
						 
						
							
							
								
								Base: Add a man page documenting security mitigations  
							
							... 
							
							
							
							Since so much work is being put into mitigations, I thought
it would be nice to track them all in one place. This is the
start of that document. 
							
						 
						
							2021-02-15 15:25:01 +01:00