lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 06 Jun 2018 00:51:12 +0100
From:   Chris Wilson <chris@...is-wilson.co.uk>
To:     Daniel Rosenberg <drosen@...gle.com>,
        "Sumit Semwal" <sumit.semwal@...aro.org>,
        linux-kernel@...r.kernel.org
Cc:     "Daniel Rosenberg" <drosen@...gle.com>,
        "Divya Ponnusamy" <pdivya@...eaurora.org>,
        "Gustavo Padovan" <gustavo@...ovan.org>,
        dri-devel@...ts.freedesktop.org, linaro-mm-sig@...ts.linaro.org,
        "stable" <stable@...r.kernel.org>, kernel-team@...roid.com,
        linux-media@...r.kernel.org
Subject: Re: [Linaro-mm-sig] [PATCH resend] drivers: dma-buf: Change %p to %pK in
 debug messages

Quoting Daniel Rosenberg (2018-06-06 00:40:41)
> The format specifier %p can leak kernel addresses
> while not valuing the kptr_restrict system settings.
> Use %pK instead of %p, which also evaluates whether
> kptr_restrict is set.

This is backwards though. You never care about the actual value here and
the hashed pointer (%p) is always enough to provide an identifying token.
-Chris

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ