Document SO_ZEROIZE socket option.

OK claudio@

1 files changed, 9 insertions, 2 deletions

diff --git a/lib/libc/sys/getsockopt.2 b/lib/libc/sys/getsockopt.2
index ccfaa38907b..1efb6f6f418 100644
--- a/lib/libc/sys/getsockopt.2
+++ b/lib/libc/sys/getsockopt.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: getsockopt.2,v 1.51 2016/10/19 05:50:54 jmc Exp $
+.\"	$OpenBSD: getsockopt.2,v 1.52 2019/01/08 13:05:36 bluhm Exp $
 .\"	$NetBSD: getsockopt.2,v 1.7 1995/02/27 12:33:29 cgd Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)getsockopt.2	8.3 (Berkeley) 4/19/94
 .\"
-.Dd $Mdocdate: October 19 2016 $
+.Dd $Mdocdate: January 8 2019 $
 .Dt GETSOCKOPT 2
 .Os
 .Sh NAME
@@ -168,6 +168,8 @@ get the credentials from other side of connection
 set the routing table used for route lookups
 .It Dv SO_SPLICE
 splice two sockets together or get data length
+.It Dv SO_ZEROIZE
+clear all memory containing user supplied data
 .It Dv SO_TYPE
 get the type of the socket (get only)
 .It Dv SO_ERROR
@@ -442,6 +444,11 @@ source socket
 .Fa s .
 A successful new splice resets this number.
 .Pp
+User land may write sensitive data into a socket.
+If
+.Dv SO_ZEROIZE
+is set, overwrite kernel memory after sending data.
+.Pp
 Finally,
 .Dv SO_TYPE
 and