[PATCH 03/15] memfd_secret.2: Minor tweaks to Mike's patch

[PATCH 00/15] Patches from others · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 01/15] termios.3: CIBAUD and IBSHIFT are implemented on Linux, just unsupported by glibc · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 02/15] memfd_secret.2: add NOTES section ... · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 03/15] memfd_secret.2: Minor tweaks to Mike's patch · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 04/15] ioctl_tty.2: Add example how to get or set baudrate on the serial port · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 05/15] ioctl_tty.2: Minor tweaks to Pali's patch · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 06/15] process_madvise.2: Add MADV_WILLNEED to process_madvise() · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 07/15] process_madvise.2: Minor tweaks to Zhangkui's patch · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 08/15] process_madvise.2: ffix · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 09/15] clone.2: ERRORS: Add EACCESS with CLONE_INTO_CGROUP + clone3 · Alejandro Colomar <hidden> · 2021-09-10
Re: [PATCH 09/15] clone.2: ERRORS: Add EACCESS with CLONE_INTO_CGROUP + clone3 · Alejandro Colomar (man-pages) <hidden> · 2021-09-10
Re: [PATCH 09/15] clone.2: ERRORS: Add EACCESS with CLONE_INTO_CGROUP + clone3 · Christian Brauner <hidden> · 2021-09-13
[PATCH 10/15] ioctl_tty.2: Fix information about header include file · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 11/15] veth.4: tfix · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 12/15] veth.4: tfix · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 14/15] termios.3: srcfix · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 15/15] futex.2: tfix · Alejandro Colomar <hidden> · 2021-09-10
[PATCH 13/15] nscd.conf.5: describe reloading, clarifications · Alejandro Colomar <hidden> · 2021-09-10

STALE1736d

Revisions (3)

2021-05-09 v1 [diff vs current]
2021-07-28 v1 [diff vs current]
2021-09-10 v1 current

From: Alejandro Colomar <hidden>
Date: 2021-09-10 22:47:27
Subsystem: the rest · Maintainer: Linus Torvalds

Cc: Mike Rapoport <rppt@kernel.org>
Signed-off-by: Alejandro Colomar <redacted>
---
 man2/memfd_secret.2 | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/man2/memfd_secret.2 b/man2/memfd_secret.2
index 869480b48..1b4e82954 100644
--- a/man2/memfd_secret.2
+++ b/man2/memfd_secret.2

@@ -148,7 +148,6 @@ The
 .BR memfd_secret ()
 system call is Linux-specific.
 .SH NOTES
-.PP
 The
 .BR memfd_secret ()
 system call is designed to allow a user-space process

@@ -160,7 +159,6 @@ memory ranges backed by
 in any circumstances, but nevertheless,
 it is much harder to exfiltrate data from these regions.
 .PP
-The
 .BR memfd_secret ()
 provides the following protections:
 .IP \(bu 3

@@ -177,7 +175,7 @@ which significantly increases difficulty of the attack,
 especially when other protections like the kernel stack size limit
 and address space layout randomization are in place.
 .IP \(bu
-Prevent cross-process userspace memory exposures.
+Prevent cross-process user-space memory exposures.
 Once a region for a
 .BR memfd_secret ()
 memory mapping is allocated,

@@ -191,7 +189,7 @@ In order to access memory areas backed by
 .BR memfd_secret(),
 a kernel-side attack would need to
 either walk the page tables and create new ones,
-or spawn a new privileged userspace process to perform
+or spawn a new privileged user-space process to perform
 secrets exfiltration using
 .BR ptrace (2).
 .PP

-- 
2.33.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help