From 3cfa3f01606c1e88b8fd42b3451f7339673179d5 Mon Sep 17 00:00:00 2001
From: Alexander Bluhm <bluhm@cvs.openbsd.org>
Date: Tue, 8 Jan 2019 13:05:37 +0000
Subject: Document SO_ZEROIZE socket option. OK claudio@

---
 lib/libc/sys/getsockopt.2 | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/libc/sys/getsockopt.2 b/lib/libc/sys/getsockopt.2
index ccfaa38907b..1efb6f6f418 100644
--- a/lib/libc/sys/getsockopt.2
+++ b/lib/libc/sys/getsockopt.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: getsockopt.2,v 1.51 2016/10/19 05:50:54 jmc Exp $
+.\"	$OpenBSD: getsockopt.2,v 1.52 2019/01/08 13:05:36 bluhm Exp $
 .\"	$NetBSD: getsockopt.2,v 1.7 1995/02/27 12:33:29 cgd Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
@@ -30,7 +30,7 @@
 .\"
 .\"     @(#)getsockopt.2	8.3 (Berkeley) 4/19/94
 .\"
-.Dd $Mdocdate: October 19 2016 $
+.Dd $Mdocdate: January 8 2019 $
 .Dt GETSOCKOPT 2
 .Os
 .Sh NAME
@@ -168,6 +168,8 @@ get the credentials from other side of connection
 set the routing table used for route lookups
 .It Dv SO_SPLICE
 splice two sockets together or get data length
+.It Dv SO_ZEROIZE
+clear all memory containing user supplied data
 .It Dv SO_TYPE
 get the type of the socket (get only)
 .It Dv SO_ERROR
@@ -442,6 +444,11 @@ source socket
 .Fa s .
 A successful new splice resets this number.
 .Pp
+User land may write sensitive data into a socket.
+If
+.Dv SO_ZEROIZE
+is set, overwrite kernel memory after sending data.
+.Pp
 Finally,
 .Dv SO_TYPE
 and
-- 
cgit v1.2.3