diff options
author | Alexander Popov <alex.popov@linux.com> | 2018-08-17 01:17:02 +0300 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2018-09-04 10:35:48 -0700 |
commit | ed535a2dae1836d15c71e250475952881265d244 (patch) | |
tree | a9b651bea5a943e78824b9fe7cf161eb16713720 /Documentation/security | |
parent | c8d126275a5fa59394fe17109bdb9812fed296b8 (diff) |
doc: self-protection: Add information about STACKLEAK feature
Add information about STACKLEAK feature to the "Memory poisoning"
section of self-protection.rst.
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/self-protection.rst | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst index e1ca698e0006..f584fb74b4ff 100644 --- a/Documentation/security/self-protection.rst +++ b/Documentation/security/self-protection.rst @@ -302,11 +302,11 @@ sure structure holes are cleared. Memory poisoning ---------------- -When releasing memory, it is best to poison the contents (clear stack on -syscall return, wipe heap memory on a free), to avoid reuse attacks that -rely on the old contents of memory. This frustrates many uninitialized -variable attacks, stack content exposures, heap content exposures, and -use-after-free attacks. +When releasing memory, it is best to poison the contents, to avoid reuse +attacks that rely on the old contents of memory. E.g., clear stack on a +syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a +free. This frustrates many uninitialized variable attacks, stack content +exposures, heap content exposures, and use-after-free attacks. Destination tracking -------------------- |