Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1479371pxb; Thu, 4 Feb 2021 14:14:02 -0800 (PST) X-Google-Smtp-Source: ABdhPJw6s7qrRaBdbtYY8kX+AKKZwQz7K/4/cFyOBOkkvrE8evk62bnGyTVv3hGkyQYx3d3wcdMj X-Received: by 2002:a17:906:c010:: with SMTP id e16mr1120786ejz.91.1612476842462; Thu, 04 Feb 2021 14:14:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612476842; cv=none; d=google.com; s=arc-20160816; b=PZ8gT4EVlo15MKvK9npCgvtVvaNvezkvIdulpZ27ZyKRIZzMOlPox5E2wXY6ldYL8i SxZr6Kvc5yZPi088pIN9PldYAEB+6Jz51nfSOIKXKGMj07mADAC4O2S4H7Q9kQuiETFL YiP4aomA/4uqvR806jtSPP54U9+24uezO7LzOLnEI7dTnmsApsxVresJjl/oUBp4RxoI tO/ch4JPmnQ+chuoxXrFb0CxEDpmcQHr5SoSqewXnG82U45CV43sk5NsCsI5b/c+oc2I R5yUJq3Zatm+tWs+BDm9MKKOLqcfMjs0d9wEsA23iAFaq+9h+k4TyWFB0dYZqErB7dIR 6hng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=lme5oE8x0lnZr24m6NaKwIeyxiM+z23HWx3k7eJe6ig=; b=I23YI9rgbJZusQNNIKapAE/Q9fz4OTi569e9gE2jGI6q+z9U6gZ/QRtvudUsMZYIjM 9HELdocX0G54GdfykjFUIrzIQ0dog45ZU9fAw7o2DhKxHGGxxOxNnOoKpzP7PiWFdfmu ZkxeuW9Ll3dy6nWNj38Kxg7ZqJ4MPyfUoHt4ExYGvMWVRcqQ3urAS/P1aUQ43ATyE/Pj jAY7E7ctK1UZIe+bGo4qbXA3qlgtVv5MO8MnBrvyw2xZR0U4GPmICajwP0RrvQvy7QlT g699FXgmu1D15vEG2MWVbvRrUpAvp7qqAMKz7zy+NqFfOFP4oXtoK7uTXS69M6Ax1csF +3oA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z9si3874504eja.51.2021.02.04.14.13.36; Thu, 04 Feb 2021 14:14:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229774AbhBDWMl (ORCPT + 99 others); Thu, 4 Feb 2021 17:12:41 -0500 Received: from jabberwock.ucw.cz ([46.255.230.98]:36280 "EHLO jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229534AbhBDWMk (ORCPT ); Thu, 4 Feb 2021 17:12:40 -0500 Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 6764D1C0B79; Thu, 4 Feb 2021 23:11:44 +0100 (CET) Date: Thu, 4 Feb 2021 23:11:43 +0100 From: Pavel Machek To: Timur Tabi Cc: Steven Rostedt , Petr Mladek , Sergey Senozhatsky , linux-kernel@vger.kernel.org, linux-mm@kvack.org, willy@infradead.org, akpm@linux-foundation.org, torvalds@linux-foundation.org, roman.fietze@magna.com, keescook@chromium.org, john.ogness@linutronix.de, akinobu.mita@gmail.com Subject: Re: [PATCH] lib/vsprintf: make-printk-non-secret printks all addresses as unhashed Message-ID: <20210204221143.GB13103@amd> References: <20210202201846.716915-1-timur@kernel.org> <20210204204835.GA7529@amd> <20210204155423.2864bf4f@gandalf.local.home> <20210204214944.GA13103@amd> <873d7e08-7a70-a1a3-f486-882d1d515965@kernel.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="tjCHc7DPkfUGtrlw" Content-Disposition: inline In-Reply-To: <873d7e08-7a70-a1a3-f486-882d1d515965@kernel.org> User-Agent: Mutt/1.5.23 (2014-03-12) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --tjCHc7DPkfUGtrlw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu 2021-02-04 15:59:21, Timur Tabi wrote: > On 2/4/21 3:49 PM, Pavel Machek wrote: > >This machine is insecure. Yet I don't see ascii-art *** all around.. > > > >"Kernel memory addresses are exposed, which is bad for security." >=20 > I'll use whatever wording everyone can agree on, but I really don't see m= uch > difference between "which may compromise security on your system" and "wh= ich > is bad for security". "may compromise" doesn't see any more alarmist than > "bad". Frankly, "bad" is a very generic term. Well, I agree that "bad" is vague.... but original wording is simply untrue, as printing addresses decreases robustness but can't introduce security problem on its own. Being alarmist is not my complaint; being untrue is. Best regards, Pavel --=20 http://www.livejournal.com/~pavelmachek --tjCHc7DPkfUGtrlw Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAmAccR8ACgkQMOfwapXb+vIf6QCdFo9gfAZzJ83XTjLr8/1dbIGv K+EAn1o1rnSVuT+Es2aMfbXenkksRbT/ =E+WM -----END PGP SIGNATURE----- --tjCHc7DPkfUGtrlw--