On Mon, 7 Oct 2013 19:56:51 -0700 Kees Cook <keesc...@chromium.org> wrote:
> This ignores %n in printf again, as was originally documented. Implementing
> %n poses a greater security risk than utility, so it should stay ignored.
> To help anyone attempting to use %n, a warning will be emitted if it is
> encountered.
>
> Based on earlier patch by Joe Perches.

Well this sucks. Nowhere in this patchset are we told what is the alleged security risk with %n. There's even a runtime warning telling people not to use it, but we've provided no way for them to find out *why*.

Please send along suitable changelog text so I can fix this up.

A new checkpatch rule might be appropriate?

Two of these patches were acked-by:you. But you sent the patches, so I changed these to Signed-off-by:, as per Documentation/SubmittingPatches, section 12.