On Sun, Dec 10, 2017 at 1:47 PM, Paul E. McKenney <paul...@linux.vnet.ibm.com> wrote: > On Sun, Dec 10, 2017 at 12:39:11PM -0800, Linus Torvalds wrote: >> I'd rather make %pK act more like %p than have gratuitous differences.
The feature that paranoid folks currently depend on is getting a value entirely zeroed out with %pK (which is the least possible info leak risk). The hashed %p is almost just as good except that identical hashes are still usable to confirm matching values (but the cases where this would be useful to an attacker are hopefully approaching zero). > So it looks like I should drop the three patches in my tree that convert > %p to %pK. > > Any objections? Sounds good. If they're still useful when hashed, keep the %p. If you want to remove them because they're sensitive, just remove them instead of adding new %pK users. -Kees -- Kees Cook Pixel Security
