UPDATE_ASR(8) FreeBSD System Manager's Manual UPDATE_ASR(8)
NAME
update_asr - perform ASR rerandomization on system services
SYNOPSYS
update_asr [-v] [labels]
DESCRIPTION
The update_asr utility performs one cycle of system service live ASR
(Address Space Randomization) rerandomization. By default, the utility
will attempt to update all system services. If a space-separated list of
service labels is given, only those services are updated.
Updates require the presence of at least two precreated ASR binaries for
the service: the original service binary, and at least one rerandomized
ASR binary for the service. The update consists of selecting the next
on-disk ASR binary for the service, and performing a live update from the
current service into the selected new version. The selection takes place
in a round-robin fashion, so once the script has gone through all
rerandomized ASR binaries, it will revert to the original service binary,
and then continue with the first rerandomized ASR binary again, and so
on.
The following options are available:
-v Enable verbose mode.
SEE ALSO
minix-service(8)
AUTHORS
The update_asr utility was written by David van Moolenbroek
<
[email protected]>.
BUGS
Failures are silently ignored. Some failures are expected, since not all
services are necessarily quiescent and therefore ready to be updated.
As of writing, no infrastructure exists to perform ASR updates
automatically, and no infrastructure exists to create new rerandomized
binaries at runtime.
FreeBSD 14.1-RELEASE-p8 September 7, 2015 FreeBSD 14.1-RELEASE-p8