From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751778AbdCABWY (ORCPT ); Tue, 28 Feb 2017 20:22:24 -0500 Received: from smtprelay0187.hostedemail.com ([216.40.44.187]:41868 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751533AbdCABWR (ORCPT ); Tue, 28 Feb 2017 20:22:17 -0500 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,:::::::::::,RULES_HIT:41:355:379:541:599:800:960:973:988:989:1260:1277:1311:1313:1314:1345:1359:1373:1431:1437:1515:1516:1518:1534:1538:1593:1594:1711:1714:1730:1747:1777:1792:2393:2553:2559:2562:2828:2894:3138:3139:3140:3141:3142:3351:3622:3865:3866:3867:3868:3870:4321:5007:10004:10400:10471:10848:10967:11232:11658:11914:12740:12760:12895:13069:13255:13311:13357:13439:14181:14659:14721:21080:21433:30054:30070:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:2,LUA_SUMMARY:none X-HE-Tag: plant30_7f77a09113407 X-Filterd-Recvd-Size: 1841 Message-ID: <1488330874.25838.43.camel@perches.com> Subject: Re: [kernel-hardening] Re: [PATCH] checkpatch: Add ability to find bad uses of vsprintf %p extensions From: Joe Perches To: Kees Cook , Andrew Morton Cc: Andy Whitcroft , "Roberts, William C" , "kernel-hardening@lists.openwall.com" , LKML Date: Tue, 28 Feb 2017 17:14:34 -0800 In-Reply-To: References: <476DC76E7D1DF2438D32BFADF679FC562307BAE6@ORSMSX103.amr.corp.intel.com> <163a690510e636a23187c0dc9caa09ddac6d4cde.1488228427.git.joe@perches.com> <20170228160607.183a88bd491e97fa6a7ded9c@linux-foundation.org> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.22.3-0ubuntu0.1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2017-02-28 at 16:11 -0800, Kees Cook wrote: > On Tue, Feb 28, 2017 at 4:06 PM, Andrew Morton > wrote: > > On Mon, 27 Feb 2017 12:54:55 -0800 Joe Perches wrote: > > > > > %pK was at least once misused at %pk in an out-of-tree module. > > > This lead to some security concerns. Add the ability to track > > > single and multiple line statements for misuses of %p. > > > > Should we also do this? > > Ah yes, good idea. Maybe "...when adding/removing new conversion..." ? Deleting conversions seems unlikely.