ld.so.8: Document LD_POINTER_GUARD

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2009-01-12 22:57:06 +13:00 · 2009-01-12 22:57:06 +13:00 · 7b0cacbb10
parent 54eb262054
commit 7b0cacbb10
1 changed files with 12 additions and 12 deletions
--- a/man8/ld.so.8
+++ b/man8/ld.so.8
@ -256,18 +256,18 @@ For security reasons, since glibc 2.4,
 is ignored for set-user-ID/set-group-ID binaries.
 .\" Only used if $ORIGIN can't be determined by normal means
 .\" (from the origin path saved at load time, or from /proc/self/exe)?
-.\"
-.\" FIXME
-.\" Document LD_POINTER_GUARD
-.\" Since glibc 2.4
-.\" Set to 0 to disable pointer guarding
-.\" Any other value enables pointer guarding, which is also the default.
-.\" Pointer guarding is a security mechanism(?) to minimize the
-.\" the risk of having usable pointer in the event of a buffer overrun
-.\" or stack smashing attack(?).
-.\" http://article.gmane.org/gmane.comp.gdb.patches/41147/match=ld_pointer_guard
-.\" http://sourceware.org/ml/gdb-patches/2008-04/msg00252.html
-.\" http://www.cygwin.com/ml/libc-alpha/2006-01/msg00011.html
+.TP
+.B LD_POINTER_GUARD
+(glibc since 2.4)
+Set to 0 to disable pointer guarding.
+Any other value enables pointer guarding, which is also the default.
+Pointer guarding is a security mechanism whereby some pointers to code
+stored in writable program memory (return addresses saved by
+.BR setjmp (3)
+or function pointers used by various glibc internals) are mangled
+semi-randomly to make it more difficult for an attacker to hijack
+the pointers for use in the event of a buffer overrun or
+stack-smashing attack.
 .TP
 .B LD_PROFILE
 (glibc since 2.1)