Cook: Security things in Linux v4.13
Kees Cook highlights the security-related changes in the 4.13 kernel. "Daniel Micay created a version of glibc's FORTIFY_SOURCE compile-time and run-time protection for finding overflows in the common string (e.g. strcpy, strcmp) and memory (e.g. memcpy, memcmp) functions. The idea is that since the compiler already knows the size of many of the buffer arguments used by these functions, it can already build in checks for buffer overflows. When all the sizes are known at compile time, this can actually allow the compiler to fail the build instead of continuing with a proven overflow. When only some of the sizes are known (e.g. destination size is known at compile-time, but source size is only known at run-time) run-time checks are added to catch any cases where an overflow might happen. Adding this found several places where minor leaks were happening, and Daniel and I chased down fixes for them."
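The run-time case described in the quote (destination size known at compile time, copy length known only at run time), shown as an added example that is not kernel or glibc code. The names `fortified_copy`, `checked_copy` and `copy_into_small_buffer` are hypothetical, and the check returns -1 where a real fortified function would abort or panic.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value the compiler returns when it cannot determine an object's size. */
#define SIZE_UNKNOWN ((size_t)-1)

/*
 * Hypothetical helper: copy n bytes only if they fit in dst_size.
 * Returns 0 on success, -1 when the copy would overflow the destination.
 */
static int fortified_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (dst_size != SIZE_UNKNOWN && n > dst_size)
        return -1;      /* overflow caught before any byte is written */
    memcpy(dst, src, n);
    return 0;
}

/*
 * The macro expands at the call site, where the compiler still sees the
 * destination's declaration, so __builtin_object_size() (GCC/Clang) can
 * supply the buffer size without the caller passing it by hand.
 */
#define checked_copy(dst, src, n) \
    fortified_copy((dst), __builtin_object_size((dst), 0), (src), (n))

/* Constructed scenario: 8-byte destination, length known only at run time. */
int copy_into_small_buffer(const char *src, size_t n)
{
    char buf[8];
    return checked_copy(buf, src, n);
}

int main(void)
{
    /* Constructed inputs: one copy that fits, one that is 8 bytes too long. */
    printf("4 bytes  -> %d\n", copy_into_small_buffer("abc", 4));
    printf("16 bytes -> %d\n",
           copy_into_small_buffer("0123456789abcdef", 16));
    return 0;
}
```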