Kees Cook <keescook@xxxxxxxxxxxx> writes: > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > index f9f196d3a69b..a4db119f4e09 100644 > --- a/Documentation/process/deprecated.rst > +++ b/Documentation/process/deprecated.rst > @@ -109,6 +109,23 @@ the given limit of bytes to copy. This is inefficient and can lead to > linear read overflows if a source string is not NUL-terminated. The > safe replacement is :c:func:`strscpy`. > > +%p format specifier > +------------------- > +Using %p in format strings leads to a huge number of address exposures. Perhaps this sentence should be in the past tense, since %p currently prints a hashed value? > +Instead of leaving these to be exploitable, "%p" should not be used in > +the kernel. On its face, this seems to contradict the guidance below? > If used currently, it is a hashed value, rendering it Perhaps: s/it is/it prints/ ? > +unusable for addressing. Paraphrasing Linus's current `guideance > <https://lore.kernel.org/lkml/CA+55aFwQEd_d40g4mUCSsVRZzrFPUJt74vc6PPpb675hYNXcKw@xxxxxxxxxxxxxx/>`_: Typo: guidance > +- Just use %p and get the hashed value. -- James
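Review bot: the second sentence of the new "%p format specifier" section says that "%p" should not be used in the kernel, while the first item of the paraphrased guidance says to just use %p and get the hashed value, so a reader who stops after the opening paragraph takes away the opposite of the intended instruction. The preceding entry, visible in the context lines, ends by naming its safe replacement (:c:func:`strscpy`). This section would read more consistently if it led with what to do and kept the address-exposure history as background. The specifier is also written both bare (%p) and quoted ("%p") within these few lines. Using one literal form throughout, for example the reST inline literal ``%p``, would avoid that.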