lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 22 Apr 2021 15:59:31 +0100
From:   Chris Down <chris@...isdown.name>
To:     Joe Perches <joe@...ches.com>
Cc:     Rasmus Villemoes <linux@...musvillemoes.dk>,
        Petr Mladek <pmladek@...e.com>, linux-kernel@...r.kernel.org,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        John Ogness <john.ogness@...utronix.de>,
        Johannes Weiner <hannes@...xchg.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Kees Cook <keescook@...omium.org>, kernel-team@...com
Subject: Re: [PATCH v5] printk: Userspace format enumeration support

Joe Perches writes:
>You really should evaluate the utility of log level monitoring and
>reconsider adding some compiler extension use of __printf to generate
>this format tracking ability.

Asking again, because you're repeating what you said last time without any 
further clarification: how is __printf tracking supposed to be sufficient? That 
tells one which arguments will have printf semantics, so sure, one can get the 
format, but (for example) you don't have any access to information about the 
log level, which is essential since otherwise it's not known whether the printk 
is capable of being emitted or not. Without that, you're suggesting replacing a 
functioning implementation with a "solution" which is not fit for the intended 
purpose.

For the use case described in the changelog, more or less all of the essential 
printks that must be monitored use printk() infrastructure directly. We're not 
trying to monitor the world here when we have plenty of better metrics. I'm 
sure there will be others which come up with time, but this doesn't have to 
cover every single possible subsystem's fancy printk-like out of the gate.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ