security: update docs
Add/update information about format string vulnerability
protections and stack protections.
(cherry picked from commit a627d7ca1ab19345b1c02c8193880c789157802e)
Change-Id: Iad1be6c64033015c6b384369e51fa329761336df
diff --git a/src/tech/security/index.md b/src/tech/security/index.md
index 4c598a9..2b55206 100644
--- a/src/tech/security/index.md
+++ b/src/tech/security/index.md
@@ -321,7 +321,7 @@
+ Address Space Layout Randomization (ASLR) to randomize key locations in memory
+ Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
-+ ProPolice to prevent stack buffer overruns
++ ProPolice to prevent stack buffer overruns (-fstack-protector)
+ safe_iop to reduce integer overflows
+ Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and
to prevent chunk consolidation attacks. Chunk consolidation attacks are a
@@ -329,6 +329,7 @@
+ OpenBSD calloc to prevent integer overflows during memory allocation
+ Linux mmap_min_addr() to mitigate null pointer dereference privilege
escalation
++ Format string vulnerability protections (-Wformat-security -Werror=format-security)
##Rooting of Devices