Commit ed535a2d authored by Alexander Popov's avatar Alexander Popov Committed by Kees Cook
Browse files

doc: self-protection: Add information about STACKLEAK feature 



Add information about STACKLEAK feature to the "Memory poisoning"
section of self-protection.rst.

Signed-off-by: default avatarAlexander Popov <alex.popov@linux.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent c8d12627

Documentation/security/self-protection.rst

+5 −5
Original line number Original line Diff line number Diff line
@@ -302,11 +302,11 @@ sure structure holes are cleared. 
Memory poisoning

Memory poisoning

----------------

----------------





When releasing memory, it is best to poison the contents (clear stack on

When releasing memory, it is best to poison the contents, to avoid reuse

syscall return, wipe heap memory on a free), to avoid reuse attacks that

attacks that rely on the old contents of memory. E.g., clear stack on a

rely on the old contents of memory. This frustrates many uninitialized

syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a

variable attacks, stack content exposures, heap content exposures, and

free. This frustrates many uninitialized variable attacks, stack content

use-after-free attacks.

exposures, heap content exposures, and use-after-free attacks.





Destination tracking

Destination tracking

--------------------

--------------------

CRA Git | Maintained and supported by SUSTech CRA and CCSE