INTRO (7) NetBSD Miscellaneous Information Manual INTRO (7 ...

More documents

Recommendations

Info

SYSCTL (7) NetBSD Miscellaneous Information Manual SYSCTL (7) security.pax Settings for PaX -- exploit mitigation features. For more information on any ofthe PaX features, please see paxctl(8) and security(8). security.pax.aslr.enable Enable PaX ASLR (Address Space Layout Randomization). The value of this knob must be non-zero for PaX ASLR to be enabled, even ifa program is set to explicit enable. security.pax.aslr.global Specifies the default global policy for programs without an explicit enable/disable flag. When non-zero, all programs will get PaX ASLR, except those exempted with paxctl(8). Otherwise, all programs will not get PaX ASLR, except those specifically marked as such with paxctl(8). security.pax.mprotect.enable Enable PaX MPROTECT restrictions. These are mprotect(2) restrictions to better enforce a WˆX policy. The value of this knob must be non-zero for PaX MPROTECT to be enabled, even ifaprogram is set to explicit enable. security.pax.mprotect.global Specifies the default global policy for programs without an explicit enable/disable flag. When non-zero, all programs will get the PaX MPROTECT restrictions, except those exempted with paxctl(8). Otherwise, all programs will not get the PaX MPROTECT restrictions, except those specifically marked as such with paxctl(8). security.pax.segvguard.enable Enable PaX Segvguard. PaX Segvguard can detect and prevent certain exploitation attempts, where an attacker may try for example to brute-force function return addresses of respawning daemons. Note: The NetBSD interface and implementation of the Segvguard is still experimental, and may change in future releases. security.pax.segvguard.global Specifies the default global policy for programs without an explicit enable/disable flag. When non-zero, all programs will get the PaX Segvguard, except those exempted with paxctl(8). Otherwise, no program will get the PaX Segvguard restrictions, except those specifically marked as such with paxctl(8). security.pax.segvguard.expiry_timeout If the max number was not reached within this timeout (in seconds), the entry will expire. security.pax.segvguard.suspend_timeout Number of seconds to suspend a user from running a faulting program when the limit was exceeded. security.pax.segvguard.max_crashes Max number of segfaults a program can receive before suspension. NetBSD 3.0 December 27, 2007 31
SYSCTL (7) NetBSD Miscellaneous Information Manual SYSCTL (7) The vendor.∗ subtree (CTL_VENDOR) The vendor toplevel name is reserved to be used by vendors who wish to have their own private MIB tree. Intended use is to store values under “vendor..∗”. SEE ALSO sysctl(3), ipsec(4), tcp(4), security(8), sysctl(8) HISTORY The sysctl variables first appeared in 4.4BSD. NetBSD 3.0 December 27, 2007 32
Page 1 and 2:
INTRO(7) NetBSD Miscellaneous Infor
Page 3 and 4:
ASCII (7) NetBSD Miscellaneous Info
Page 5 and 6:
DES_MODES(7) OpenSSL DES_MODES(7) a
Page 7 and 8:
des_modes(7) libdes des_modes(7)
Page 9 and 10:
ENVIRON (7) NetBSD Miscellaneous In
Page 11 and 12:
HIER (7) NetBSD Miscellaneous Infor
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
MAILADDR (7) NetBSD Miscellaneous I
Page 23 and 24:
MDOC (7) NetBSD Miscellaneous Infor
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
MDOC.SAMPLES (7) NetBSD Miscellaneo
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
ME(7) ME(7) .EN - yes Space after e
Page 57 and 58:
NLS (7) NetBSD Miscellaneous Inform
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
PKGSRC (7) NetBSD Miscellaneous Inf
Page 65 and 66:
RE_FORMAT(7) RE_FORMAT(7) NAME re_f
Page 67 and 68:
RE_FORMAT(7) RE_FORMAT(7) The curre
Page 69 and 70: RE_FORMAT(7) RE_FORMAT(7) example,
Page 71 and 72: RELEASE (7) NetBSD Miscellaneous In
Page 77 and 78: SCRIPT (7) NetBSD Miscellaneous Inf
Page 79 and 80: SCRIPT (7) NetBSD Miscellaneous Inf
Page 81 and 82: SETUID (7) NetBSD Miscellaneous Inf
Page 83 and 84: SIGNAL (7) NetBSD Miscellaneous Inf
Page 85 and 86: STICKY (7) NetBSD Miscellaneous Inf
Page 87 and 88: SYMLINK (7) NetBSD Miscellaneous In
Page 89 and 90: SYMLINK (7) NetBSD Miscellaneous In
Page 91 and 92: SYSCTL (7) NetBSD Miscellaneous Inf
Page 119: SYSCTL (7) NetBSD Miscellaneous Inf
show all

INTRO (7) NetBSD Miscellaneous Information Manual INTRO (7 ...

Create successful ePaper yourself

Delete template?

Save as template?