Commit ed535a2d authored by Alexander Popov's avatar Alexander Popov Committed by Kees Cook

doc: self-protection: Add information about STACKLEAK feature

Add information about STACKLEAK feature to the "Memory poisoning"
section of self-protection.rst.
Signed-off-by: default avatarAlexander Popov <alex.popov@linux.com>
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
parent c8d12627
......@@ -302,11 +302,11 @@ sure structure holes are cleared.
Memory poisoning
----------------
When releasing memory, it is best to poison the contents (clear stack on
syscall return, wipe heap memory on a free), to avoid reuse attacks that
rely on the old contents of memory. This frustrates many uninitialized
variable attacks, stack content exposures, heap content exposures, and
use-after-free attacks.
When releasing memory, it is best to poison the contents, to avoid reuse
attacks that rely on the old contents of memory. E.g., clear stack on a
syscall return (``CONFIG_GCC_PLUGIN_STACKLEAK``), wipe heap memory on a
free. This frustrates many uninitialized variable attacks, stack content
exposures, heap content exposures, and use-after-free attacks.
Destination tracking
--------------------
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment