RE: [PATCH V11 0/5] hash addresses printed with %p

From: David Laight
Date: Thu Nov 30 2017 - 05:23:48 EST

Next message: Sergey Senozhatsky: "Re: [PATCH V11 0/5] hash addresses printed with %p"
Previous message: srinivas . kandagatla: "[PATCH] ASoC: codecs: msm8916-wcd: Fix supported formats"
In reply to: Tobin C. Harding: "Re: [PATCH V11 0/5] hash addresses printed with %p"
Next in thread: Sergey Senozhatsky: "Re: [PATCH V11 0/5] hash addresses printed with %p"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrew Morton
> Sent: 29 November 2017 23:21
> >
> > The added advantage of hashing %p is that security is now opt-out, if
> > you _really_ want the address you have to work a little harder and use
> > %px.

You need a system-wide opt-out that prints the actual values.
Otherwise developers will use something else to print addresses and
the code will remain in the released drivers.

> > The idea for creating the printk specifier %px to print the actual
> > address was suggested by Kees Cook (see below for email threads by
> > subject).
>
> Maybe I'm being thick, but... if we're rendering these addresses
> unusable by hashing them, why not just print something like
> "<obscured>" in their place? That loses the uniqueness thing but I
> wonder how valuable that is in practice?

My worry is that is you get a kernel 'oops' print with actual register
values you have no easy way of tying an address or address+offset to
the corresponding hash(address) printed elsewhere.

David

Next message: Sergey Senozhatsky: "Re: [PATCH V11 0/5] hash addresses printed with %p"
Previous message: srinivas . kandagatla: "[PATCH] ASoC: codecs: msm8916-wcd: Fix supported formats"
In reply to: Tobin C. Harding: "Re: [PATCH V11 0/5] hash addresses printed with %p"
Next in thread: Sergey Senozhatsky: "Re: [PATCH V11 0/5] hash addresses printed with %p"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]