lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171030223346.GX12341@eros>
Date:   Tue, 31 Oct 2017 09:33:46 +1100
From:   "Tobin C. Harding" <me@...in.cc>
To:     Kees Cook <keescook@...omium.org>
Cc:     kernel-hardening@...ts.openwall.com,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Theodore Ts'o <tytso@....edu>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Tycho Andersen <tycho@...ker.com>,
        "Roberts, William C" <william.c.roberts@...el.com>,
        Tejun Heo <tj@...nel.org>,
        Jordan Glover <Golden_Miller83@...tonmail.ch>,
        Greg KH <gregkh@...uxfoundation.org>,
        Petr Mladek <pmladek@...e.com>, Joe Perches <joe@...ches.com>,
        Ian Campbell <ijc@...lion.org.uk>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <wilal.deacon@....com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Chris Fries <cfries@...gle.com>,
        Dave Weinstein <olorin@...gle.com>,
        Daniel Micay <danielmicay@...il.com>,
        Djalal Harouni <tixxdz@...il.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH V8 0/2] printk: hash addresses printed with %p

On Mon, Oct 30, 2017 at 03:03:21PM -0700, Kees Cook wrote:
> On Wed, Oct 25, 2017 at 7:53 PM, Tobin C. Harding <me@...in.cc> wrote:
> > Here is the behaviour that this set implements.
> >
> > For kpt_restrict==0
> >
> > Randomness not ready:
> >   printed with %p:              (pointer)          # NOTE: with padding
> > Valid pointer:
> >   printed with %pK:             deadbeefdeadbeef
> >   printed with %p:              0xdeadbeef
> >   malformed specifier (eg %i):  0xdeadbeef
> 
> I really think we can't include SPECIAL unless _every_ callsite of %p
> is actually doing "0x%p", and then we're replacing all of those. We're
> not doing that, though...
> 
> $ git grep '%p\b' | wc -l
> 12766
> $ git grep '0x%p\b' | wc -l
> 1837
> 
> If we need some kind of special marking that this is a hashed
> variable, that should be something other than "0x". If we're using the
> existing "(null)" and new "(pointer)" text, maybe "(hash:xxxxxx)"
> should be used instead? Then the (rare) callers with 0x become
> "0x(hash:xxxx)" and naked callers produce "(hash:xxxx)".
> 
> I think the first step for this is to just leave SPECIAL out.

Thanks Kees. V9 leaves SPECIAL out. Also V9 prints the whole 64 bit
address with the first 32 bits masked to zero. The intent being to _not_
change the output format from what it currently is. So it will look like
this; 

	00000000c09e81d0

What do you think?

Amusingly I think this whole conversation is going to come up again
when we do %pa, in inverse, since %pa currently does us SPECIAL.

thanks,
Tobin.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ