diff options
| author |   Alexander Popov <alex.popov@linux.com> | 2018-08-17 01:17:02 +0300 |
|---|---|---|
| committer |   Kees Cook <keescook@chromium.org> | 2018-09-04 10:35:48 -0700 |
| commit | ed535a2dae1836d15c71e250475952881265d244 (patch) | |
| tree | a9b651bea5a943e78824b9fe7cf161eb16713720 | |
| parent | fs/proc: Show STACKLEAK metrics in the /proc file system (diff) | |
| download | linux-dev-ed535a2dae1836d15c71e250475952881265d244.tar.xz linux-dev-ed535a2dae1836d15c71e250475952881265d244.zip | |
doc: self-protection: Add information about STACKLEAK feature
Add information about STACKLEAK feature to the "Memory poisoning"
section of self-protection.rst.
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
| -rw-r--r-- | Documentation/security/self-protection.rst | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst index e1ca698e0006..f584fb74b4ff 100644 --- a/Documentation/security/self-protection.rst +++ b/Documentation/security/self-protection.rst @@ -302,11 +302,11 @@ sure structure holes are cleared. Memory poisoning ---------------- -When releasing memory, it is best to poison the contents (clear stack on -syscall return, wipe heap memory on a free), to avoid reuse attacks that -rely on the old contents of memory. This frustrates many uninitialized -variable attacks, stack content exposures, heap content exposures, and -use-after-free attacks. +When releasing memory, it is best to poison the contents, to avoid reuse +attacks that rely on the old contents of memory. E.g., clear stack on a +syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a +free. This frustrates many uninitialized variable attacks, stack content +exposures, heap content exposures, and use-after-free attacks. Destination tracking -------------------- |