On 29/01/14 09:51, Kees Cook wrote: > On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon <rmal...@gmail.com> wrote: >> On 28/01/14 11:39, Kees Cook wrote: >>> If arguments are consumed without output when encountering %n, it >>> could be used to benefit or improve information leak attacks that were >>> exposed via a limited size buffer. Since %n is not used by the kernel, >>> there is no reason to make an info leak attack any easier. >> >> I was thinking more like the following. Print the warning if %n is >> detected in format_decode(), but otherwise just remove the handling of >> %n outright and treat it like any other invalid format specifier. >> Something like this completely untested patch. Thoughts? > > I'd be totally fine with it. Minor typo in the comment before the > WARN_ONCE (should be "its" instead of "it"), but otherwise looks good. > Consider it: > > Acked-by: Kees Cook <keesc...@chromium.org> > > It builds and boots fine for me, FWIW. > > -Kees >
It looks like your second version already got added to Andrew's mm tree. I'm happy to repost mine with a fixed typo and proper signed-off by if you'd rather use that version. ~Ryan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/