doc: self-protection: Add information about STACKLEAK feature
Add information about STACKLEAK feature to the "Memory poisoning" section of self-protection.rst. Signed-off-by: Alexander Popov <alex.popov@linux.com> Signed-off-by: Kees Cook <keescook@chromium.org>hifive-unleashed-5.1
parent
c8d126275a
commit
ed535a2dae
|
@ -302,11 +302,11 @@ sure structure holes are cleared.
|
||||||
Memory poisoning
|
Memory poisoning
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
When releasing memory, it is best to poison the contents (clear stack on
|
When releasing memory, it is best to poison the contents, to avoid reuse
|
||||||
syscall return, wipe heap memory on a free), to avoid reuse attacks that
|
attacks that rely on the old contents of memory. E.g., clear stack on a
|
||||||
rely on the old contents of memory. This frustrates many uninitialized
|
syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a
|
||||||
variable attacks, stack content exposures, heap content exposures, and
|
free. This frustrates many uninitialized variable attacks, stack content
|
||||||
use-after-free attacks.
|
exposures, heap content exposures, and use-after-free attacks.
|
||||||
|
|
||||||
Destination tracking
|
Destination tracking
|
||||||
--------------------
|
--------------------
|
||||||
|
|
Loading…
Reference in New Issue