Ah! A wild Troup appears! :) On Thu, Mar 05, 2020 at 07:22:31AM +0100, James Troup wrote: > Kees Cook <keescook@xxxxxxxxxxxx> writes: > > > diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst > > index f9f196d3a69b..a4db119f4e09 100644 > > --- a/Documentation/process/deprecated.rst > > +++ b/Documentation/process/deprecated.rst > > @@ -109,6 +109,23 @@ the given limit of bytes to copy. This is inefficient and can lead to > > linear read overflows if a source string is not NUL-terminated. The > > safe replacement is :c:func:`strscpy`. > > > > +%p format specifier > > +------------------- > > +Using %p in format strings leads to a huge number of address exposures. > > Perhaps this sentence should be in the past tense, since %p currently > prints a hashed value? Yeah, good point; that should be more clear. > > > +Instead of leaving these to be exploitable, "%p" should not be used in > > +the kernel. > > On its face, this seems to contradict the guidance below? > > > If used currently, it is a hashed value, rendering it > > Perhaps: s/it is/it prints/ ? I'll rewrite this whole area... > > > +unusable for addressing. Paraphrasing Linus's current `guideance > > <https://lore.kernel.org/lkml/CA+55aFwQEd_d40g4mUCSsVRZzrFPUJt74vc6PPpb675hYNXcKw@xxxxxxxxxxxxxx/>`_: > > Typo: guidance Thanks for the review! I wonder why ":set spell" missed that... -Kees -- Kees Cook
