Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <28ab447e24684c58a5e03af44edd6d5a@AcuMS.aculab.com>
Date: Thu, 30 Nov 2017 10:23:44 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Andrew Morton' <akpm@...ux-foundation.org>, "Tobin C. Harding"
	<me@...in.cc>
CC: "kernel-hardening@...ts.openwall.com"
	<kernel-hardening@...ts.openwall.com>, Linus Torvalds
	<torvalds@...ux-foundation.org>, "Jason A. Donenfeld" <Jason@...c4.com>,
	Theodore Ts'o <tytso@....edu>, Kees Cook <keescook@...omium.org>, "Paolo
 Bonzini" <pbonzini@...hat.com>, Tycho Andersen <tycho@...ho.ws>, "Roberts,
 William C" <william.c.roberts@...el.com>, Tejun Heo <tj@...nel.org>, "Jordan
 Glover" <Golden_Miller83@...tonmail.ch>, Greg KH
	<gregkh@...uxfoundation.org>, Petr Mladek <pmladek@...e.com>, Joe Perches
	<joe@...ches.com>, Ian Campbell <ijc@...lion.org.uk>, Sergey Senozhatsky
	<sergey.senozhatsky@...il.com>, Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <wilal.deacon@....com>, Steven Rostedt <rostedt@...dmis.org>,
	Chris Fries <cfries@...gle.com>, Dave Weinstein <olorin@...gle.com>, Daniel
 Micay <danielmicay@...il.com>, Djalal Harouni <tixxdz@...il.com>,
	Radim Krcmár <rkrcmar@...hat.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Network
 Development" <netdev@...r.kernel.org>, David Miller <davem@...emloft.net>,
	Stephen Rothwell <sfr@...b.auug.org.au>, Andrey Ryabinin
	<aryabinin@...tuozzo.com>, Alexander Potapenko <glider@...gle.com>, "Dmitry
 Vyukov" <dvyukov@...gle.com>
Subject: RE: [PATCH V11 0/5] hash addresses printed with %p

From: Andrew Morton
> Sent: 29 November 2017 23:21
> >
> > The added advantage of hashing %p is that security is now opt-out, if
> > you _really_ want the address you have to work a little harder and use
> > %px.

You need a system-wide opt-out that prints the actual values.
Otherwise developers will use something else to print addresses and
the code will remain in the released drivers.

> > The idea for creating the printk specifier %px to print the actual
> > address was suggested by Kees Cook (see below for email threads by
> > subject).
> 
> Maybe I'm being thick, but...  if we're rendering these addresses
> unusable by hashing them, why not just print something like
> "<obscured>" in their place?  That loses the uniqueness thing but I
> wonder how valuable that is in practice?

My worry is that is you get a kernel 'oops' print with actual register
values you have no easy way of tying an address or address+offset to
the corresponding hash(address) printed elsewhere.

	David

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.