The branch main has been updated by netchild: URL: https://cgit.FreeBSD.org/src/commit/?id=e91117fa8ed2d00ae520454d6fecfce8abae0664
commit e91117fa8ed2d00ae520454d6fecfce8abae0664 Author: Alexander Leidinger <netch...@freebsd.org> AuthorDate: 2025-01-29 08:32:00 +0000 Commit: Alexander Leidinger <netch...@freebsd.org> CommitDate: 2025-01-29 13:39:24 +0000 Improve the stack clash protection description. Despite not being mentioned in the docs of gcc and clang, the stack clash protection is architecture / implementation dependent. Reported by: jrtc27 --- share/man/man7/mitigations.7 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7 index 4db6589cdcf1..c3c6ab55c480 100644 --- a/share/man/man7/mitigations.7 +++ b/share/man/man7/mitigations.7 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 25, 2025 +.Dd January 29, 2025 .Dt MITIGATIONS 7 .Os .Sh NAME @@ -244,8 +244,9 @@ and it is possible that some applications may not function correctly. .Fx supports stack overflow protection using the Stack Smashing Protector .Pq SSP -compiler feature, -and stack clash protection. +compiler feature. +Stack clash protection is also enabled, +if supported by the compiler for the given architecture. In userland, SSP adds a per-process randomized canary at the end of every stack frame which is checked for corruption upon return from the function, and stack probing in
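Review bot: In the second hunk of share/man/man7/mitigations.7, the added sentence "Stack clash protection is also enabled, if supported by the compiler for the given architecture." gives an administrator no way to tell whether their own system is covered. Consider listing the architectures where the protection is in effect, or saying where that can be checked, so the page stays usable as a reference for which mitigations are active. The unchanged context that follows, "In userland, SSP adds a per-process randomized canary at the end of every stack frame" and then "and stack probing in", still mentions stack probing without the architecture condition introduced just above, as far as the visible part of that sentence shows. Qualifying that clause the same way would keep the two sentences consistent. The .Dd bump in the first hunk matches the content change and needs nothing further.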