On Tue, Jan 28, 2014 at 10:54 AM, Ryan Mallon <[email protected]> wrote: > On 29/01/14 09:51, Kees Cook wrote: > >> On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon <[email protected]> wrote: >>> On 28/01/14 11:39, Kees Cook wrote: >>>> If arguments are consumed without output when encountering %n, it >>>> could be used to benefit or improve information leak attacks that were >>>> exposed via a limited size buffer. Since %n is not used by the kernel, >>>> there is no reason to make an info leak attack any easier. >>> >>> I was thinking more like the following. Print the warning if %n is >>> detected in format_decode(), but otherwise just remove the handling of >>> %n outright and treat it like any other invalid format specifier. >>> Something like this completely untested patch. Thoughts? >> >> I'd be totally fine with it. Minor typo in the comment before the >> WARN_ONCE (should be "its" instead of "it"), but otherwise looks good. >> Consider it: >> >> Acked-by: Kees Cook <[email protected]> >> >> It builds and boots fine for me, FWIW. >> >> -Kees >> > > > It looks like your second version already got added to Andrew's mm tree. > I'm happy to repost mine with a fixed typo and proper signed-off by if > you'd rather use that version.
I think yours is much cleaner: it entirely removes the %n processing logic. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
