Cc: Mike Rapoport <rppt@xxxxxxxxxx> Signed-off-by: Alejandro Colomar <alx.manpages@xxxxxxxxx> --- man2/memfd_secret.2 | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/man2/memfd_secret.2 b/man2/memfd_secret.2 index 869480b48..1b4e82954 100644 --- a/man2/memfd_secret.2 +++ b/man2/memfd_secret.2 @@ -148,7 +148,6 @@ The .BR memfd_secret () system call is Linux-specific. .SH NOTES -.PP The .BR memfd_secret () system call is designed to allow a user-space process @@ -160,7 +159,6 @@ memory ranges backed by in any circumstances, but nevertheless, it is much harder to exfiltrate data from these regions. .PP -The .BR memfd_secret () provides the following protections: .IP \(bu 3 @@ -177,7 +175,7 @@ which significantly increases difficulty of the attack, especially when other protections like the kernel stack size limit and address space layout randomization are in place. .IP \(bu -Prevent cross-process userspace memory exposures. +Prevent cross-process user-space memory exposures. Once a region for a .BR memfd_secret () memory mapping is allocated, @@ -191,7 +189,7 @@ In order to access memory areas backed by .BR memfd_secret(), a kernel-side attack would need to either walk the page tables and create new ones, -or spawn a new privileged userspace process to perform +or spawn a new privileged user-space process to perform secrets exfiltration using .BR ptrace (2). .PP -- 2.33.0
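Review bot: In the first hunk, dropping the `.PP` directly after `.SH NOTES` is correct: `.SH` already begins a new paragraph, so the extra `.PP` only adds blank vertical space in the rendered page. It would help to say so in the commit message, since the visible body carries only the trailers and gives no rationale for any of the four hunks.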
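Review bot: In the second hunk, removing the line `The` fixes the sentence "The memfd_secret() provides the following protections:", which was ungrammatical; after the change the `.PP` is followed directly by `.BR memfd_secret ()`, so the paragraph starts with the bold call name, which matches how the other paragraphs in this section begin (compare "The .BR memfd_secret () system call ..." in the first hunk, where "The" belongs because "system call" follows).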
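Review bot: The third and fourth hunks make "user-space" consistent with the existing "allow a user-space process" wording in the first hunk's context, which is the right direction. While in the fourth hunk, the context line `.BR memfd_secret(),` differs from every other occurrence (`.BR memfd_secret ()`): without the space before the parentheses, `.BR` sets the name, the parentheses and the comma all in bold instead of alternating bold and roman. Worth fixing here or in a follow-up patch, e.g. `.BR memfd_secret (),`.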