security: update docs

Add/update information about format string vulnerability protections and stack protections. Change-Id: I3b1f37253469dfb0f57303cf1831aeb771fc673e
author: Nick Kralevich <nnk@google.com> 2012-06-07 15:07:51 -0700
committer: Nick Kralevich <nnk@google.com> 2012-06-07 15:24:42 -0700
commit: a627d7ca1ab19345b1c02c8193880c789157802e (patch)
tree: 60b41226c44676c0caf100f03f67fdca5b933e3e
parent: c4f306e38ce408e10cd9af7023b16da0499239cd (diff)
download: source.android.com-a627d7ca1ab19345b1c02c8193880c789157802e.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/tech/security/index.md b/src/tech/security/index.md
index 4c598a9d..2b552062 100644
--- a/src/tech/security/index.md
+++ b/src/tech/security/index.md
@@ -321,7 +321,7 @@ corruption issues significantly harder to exploit, including:
 
 + Address Space Layout Randomization (ASLR) to randomize key locations in memory
 + Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
-+ ProPolice to prevent stack buffer overruns
++ ProPolice to prevent stack buffer overruns (-fstack-protector)
 + safe_iop to reduce integer overflows
 + Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and
 to prevent chunk consolidation attacks.  Chunk consolidation attacks are a
@@ -329,6 +329,7 @@ common way to exploit heap corruption.
 + OpenBSD calloc to prevent integer overflows during memory allocation
 + Linux mmap_min_addr() to mitigate null pointer dereference privilege
 escalation
++ Format string vulnerability protections (-Wformat-security -Werror=format-security)
 
 ##Rooting of Devices
author	Nick Kralevich <nnk@google.com>	2012-06-07 15:07:51 -0700
committer	Nick Kralevich <nnk@google.com>	2012-06-07 15:24:42 -0700
commit	a627d7ca1ab19345b1c02c8193880c789157802e (patch)
tree	60b41226c44676c0caf100f03f67fdca5b933e3e
parent	c4f306e38ce408e10cd9af7023b16da0499239cd (diff)
download	source.android.com-a627d7ca1ab19345b1c02c8193880c789157802e.tar.gz