On Mon, Nov 27, 2017 at 3:40 PM, Tobin C. Harding <me@xxxxxxxx> wrote:
> Finally, with this patch set in place, we have the added benefit that
> newbies (me) can quietly go around the kernel 'sweeping up' after
> leaking addresses. This as apposed to using a hammer and hashing all
> %p. And if this is deemed too little and too slow we can always search
> and replace '%p' with '%px'.
So the big remaining ones for me are the /proc/<pid>/stack (stack
pointers) and the /proc/net/* ones.
I'm a bit disappointed that those haven't been fixed already and
aren't even in this series..
Since I was the proponent of the whole "leaking_addresses" script
model, I guess I can't complain when %p isn't then just made to hash
everything, but it does feel like this has been dragging out a bit..
Linus
