Re: [PATCH 3/3] vsprintf: ignore %n again

From: Andrew Morton
Date: Tue Oct 08 2013 - 16:28:52 EST

Next message: Olof Johansson: "Re: [PATCH v5 3/4] ARM: S3C24XX: add platform-devices for new dmadriver for s3c2412 and s3c2443"
Previous message: Bjorn Helgaas: "Re: remove unneeded semicolons"
Next in thread: Kees Cook: "Re: [PATCH 3/3] vsprintf: ignore %n again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 7 Oct 2013 19:56:51 -0700 Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> This ignores %n in printf again, as was originally documented. Implementing
> %n poses a greater security risk than utility, so it should stay ignored.
> To help anyone attempting to use %n, a warning will be emitted if it is
> encountered.
>
> Based on earlier patch by Joe Perches.

Well this sucks. Nowhere in this patchset are we told what is the
alleged security risk with %n. There's even a runtime warning telling
people not to use it, but we've provided no way for them to find out
*why*.

Please send along suitable changelog text so I can fix this up.

A new checkpatch rule might be appropriate?

Two of these patches were acked-by:you. But you sent the patches, so I
changed these to Signed-off-by:, as per
Documentation/SubmittingPatches, section 12.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Olof Johansson: "Re: [PATCH v5 3/4] ARM: S3C24XX: add platform-devices for new dmadriver for s3c2412 and s3c2443"
Previous message: Bjorn Helgaas: "Re: remove unneeded semicolons"
Next in thread: Kees Cook: "Re: [PATCH 3/3] vsprintf: ignore %n again"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]