On Wed, Oct 25, 2017 at 7:53 PM, Tobin C. Harding <m...@tobin.cc> wrote:
> Here is the behaviour that this set implements.
>
> For kpt_restrict==0
>
> Randomness not ready:
>     printed with %p: (pointer)          # NOTE: with padding
> Valid pointer:
>     printed with %pK: deadbeefdeadbeef
>     printed with %p: 0xdeadbeef
>     malformed specifier (eg %i): 0xdeadbeef
I really think we can't include SPECIAL unless _every_ callsite of %p is
actually doing "0x%p", and then we're replacing all of those. We're not
doing that, though...

$ git grep '%p\b' | wc -l
12766
$ git grep '0x%p\b' | wc -l
1837

If we need some kind of special marking that this is a hashed variable,
that should be something other than "0x". If we're using the existing
"(null)" and new "(pointer)" text, maybe "(hash:xxxxxx)" should be used
instead? Then the (rare) callers with 0x become "0x(hash:xxxx)" and naked
callers produce "(hash:xxxx)".

I think the first step for this is to just leave SPECIAL out.

-Kees

-- 
Kees Cook
Pixel Security
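A user-space model of the formatting decisions under discussion, added here as an illustration; it is not code from the thread or from the kernel. It implements the kptr_restrict==0 behaviour table Tobin quoted ("(pointer)" before randomness is ready, raw hex for %pK, a hashed value for %p), lets you switch the hashed value's marking between the SPECIAL-style "0x" prefix and Kees's "(hash:xxxx)" suggestion, and counts call sites with the same two patterns as the git grep commands above, run over a few constructed source lines. The keyed hash (blake2b with a per-run random key) is a stand-in chosen for this model, not the kernel's actual mechanism, and the `render` helper handles only `%p`-family specifiers.

```python
import hashlib
import os
import re

# Constructed per-run secret, standing in for a per-boot hashing key.
# This is a model; the kernel's own mechanism is not shown on the page.
_SECRET_KEY = os.urandom(16)


def hash_pointer(ptr: int) -> int:
    """Keyed hash of a 64-bit pointer value, truncated to 32 bits (model only)."""
    digest = hashlib.blake2b(ptr.to_bytes(8, "little"),
                             key=_SECRET_KEY, digest_size=4).digest()
    return int.from_bytes(digest, "little")


def format_pointer(ptr: int, spec: str, randomness_ready: bool = True,
                   marking: str = "0x") -> str:
    """Model of the kptr_restrict==0 behaviour quoted in the thread.

    %pK                          -> raw hex, no prefix
    randomness not ready         -> "(pointer)", padded to the 16-char field
    %p or any other %p<x> spec   -> hashed value, tagged per `marking`:
        "0x"   -> "0x%08x"         (the SPECIAL-flag behaviour)
        "hash" -> "(hash:%08x)"    (the alternative marking proposed above)
    """
    if spec == "%pK":
        return f"{ptr:016x}"
    if not randomness_ready:
        return "(pointer)".rjust(16)  # padded like a fixed-width %p field
    h = hash_pointer(ptr)
    if marking == "0x":
        return f"0x{h:08x}"
    return f"(hash:{h:08x})"


def render(fmt: str, ptr: int, randomness_ready: bool = True,
           marking: str = "0x") -> str:
    """Substitute every %p-family specifier in a caller's format string.

    Shows what a caller who already writes "0x%p" ends up printing under
    each marking: "0x0x..." with SPECIAL, "0x(hash:...)" with the tag.
    """
    return re.sub(r"%p[A-Za-z]?",
                  lambda m: format_pointer(ptr, m.group(0), randomness_ready, marking),
                  fmt)


# Constructed sample of call sites, standing in for a source tree.
SAMPLE_SOURCE = [
    'pr_info("buf at %p\\n", buf);',
    'pr_debug("irq handler 0x%p registered\\n", handler);',
    'seq_printf(m, "%pK\\n", ptr);',
    'printk("%pS\\n", ip);',
    'printk("%d percent\\n", pct);',
]


def count_callsites(lines):
    """Apply the two patterns from the git grep commands: all '%p\\b' call
    sites versus the subset that already carry a literal '0x' prefix."""
    all_p = sum(1 for line in lines if re.search(r"%p\b", line))
    prefixed = sum(1 for line in lines if re.search(r"0x%p\b", line))
    return all_p, prefixed


if __name__ == "__main__":
    p = 0xDEADBEEFDEADBEEF
    for fmt in ("ptr=%p", "ptr=0x%p", "ptr=%pK"):
        print(fmt, "->", render(fmt, p), "|", render(fmt, p, marking="hash"))
    print("early boot:", render("ptr=%p", p, randomness_ready=False))
    print("callsites (all, 0x-prefixed):", count_callsites(SAMPLE_SOURCE))
```

Running it prints the same pointer under each specifier and marking; the interesting rows are the "0x%p" caller, which doubles the prefix under the SPECIAL model but stays readable with the "(hash:...)" tag, and the early-boot row, which never exposes the hash key's output before randomness is ready.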