From 7b0cacbb10aaebc2c80c0eb1e55657918ce081a6 Mon Sep 17 00:00:00 2001 From: Petr Baudis Date: Mon, 12 Jan 2009 22:57:06 +1300 Subject: [PATCH] ld.so.8: Document LD_POINTER_GUARD Signed-off-by: Michael Kerrisk --- man8/ld.so.8 | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/man8/ld.so.8 b/man8/ld.so.8 index e83305a79..41374b4f2 100644 --- a/man8/ld.so.8 +++ b/man8/ld.so.8 @@ -256,18 +256,18 @@ For security reasons, since glibc 2.4, is ignored for set-user-ID/set-group-ID binaries. .\" Only used if $ORIGIN can't be determined by normal means .\" (from the origin path saved at load time, or from /proc/self/exe)? -.\" -.\" FIXME -.\" Document LD_POINTER_GUARD -.\" Since glibc 2.4 -.\" Set to 0 to disable pointer guarding -.\" Any other value enables pointer guarding, which is also the default. -.\" Pointer guarding is a security mechanism(?) to minimize the -.\" the risk of having usable pointer in the event of a buffer overrun -.\" or stack smashing attack(?). -.\" http://article.gmane.org/gmane.comp.gdb.patches/41147/match=ld_pointer_guard -.\" http://sourceware.org/ml/gdb-patches/2008-04/msg00252.html -.\" http://www.cygwin.com/ml/libc-alpha/2006-01/msg00011.html +.TP +.B LD_POINTER_GUARD +(glibc since 2.4) +Set to 0 to disable pointer guarding. +Any other value enables pointer guarding, which is also the default. +Pointer guarding is a security mechanism whereby some pointers to code +stored in writable program memory (return addresses saved by +.BR setjmp (3) +or function pointers used by various glibc internals) are mangled +semi-randomly to make it more difficult for an attacker to hijack +the pointers for use in the event of a buffer overrun or +stack-smashing attack. .TP .B LD_PROFILE (glibc since 2.1)
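Review bot: The new LD_POINTER_GUARD entry does not say how the variable is treated for set-user-ID/set-group-ID binaries, even though the context line just above it in this hunk records that the preceding variable is ignored for such binaries since glibc 2.4. Setting LD_POINTER_GUARD to 0 switches off a protection, so the entry should state whether that setting is honored for those binaries, using the same wording as the preceding entry. The phrase "mangled semi-randomly" is also vague: if the source of the mangling value is known, name it. Finally, consider keeping one of the removed mailing-list URLs as a .\" comment so the origin of the description stays traceable from the page source.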