New Linux Flaw Enables Null Pointer Exploits

D. Hugh Redelmeier hugh-pmF8o41NoarQT0dZR+AlfA at
Sun Jul 19 15:30:36 UTC 2009

| From: Robert Brockway <robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at>

| On Sat, 18 Jul 2009, Jamon Camisso wrote:
| > It is an interesting bug because it is a compiler related optimization that
| > creates the conditions necessary to exploit it.
| Yes. Unfortunately compiler optimisation bugs are more common than a lot of
| people expect.  They are very frustrating as a review of the source code won't
| reveal the bug.  Only testing or a review of the binary will.

Actually this is not a compiler bug.  A surprising optimization, yes.
But a correct one.

What I have not understood is why the null-pointer dereference does
not generate a kernel oops.  The articles seem to wave their hands and
say things like "mmap" and "SELinux", but that makes no sense to me.
This is a kernel null pointer and mmap deals with userland address
spaces.  Surely SELinux would not prevent null-pointer detection in
the kernel address space.
The Toronto Linux Users Group.      Meetings:
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
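The following is an added illustration, not code from the original thread or from the kernel: a user-space reproduction of the "dereference first, test for NULL second" ordering that the articles describe in tun_chr_poll, with the safe ordering beside it, plus a probe of the other half of the question raised above: whether this process is allowed to map a page at virtual address 0. The `struct tun` / `struct sock` layouts and `POLL_ERR` are simplified stand-ins for the kernel's types and `POLLERR`, and the sample input is constructed.

```c
/* Added example, not from the original post.  Shows (1) why a NULL test
 * placed after a dereference can legally be deleted by GCC, and (2) the
 * condition that turns a kernel NULL dereference from an oops into a read
 * of attacker-controlled memory: user space mapping the zero page. */
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Simplified stand-ins for the kernel structures (assumption, not the
 * real layouts). */
struct sock { int readable; };
struct tun  { struct sock *sk; };

enum { POLL_ERR = -1 };   /* stand-in for POLLERR */

/* Vulnerable ordering, the shape the articles attribute to tun_chr_poll:
 * the load through 'tun' happens before 'tun' is tested.  A NULL 'tun'
 * is already undefined behaviour on the first line, so GCC at -O2 (with
 * its default -fdelete-null-pointer-checks) may remove the test entirely
 * and fall through to using 'sk', whatever the zero page contained. */
int poll_deref_then_check(struct tun *tun)
{
    struct sock *sk = tun->sk;   /* dereference first ...              */
    if (!tun)                    /* ... test second: deletable at -O2   */
        return POLL_ERR;
    return sk->readable;
}

/* Hardened ordering: test before any use.  Nothing lets the compiler
 * assume 'tun' is non-NULL here, so the check survives optimisation. */
int poll_check_then_deref(struct tun *tun)
{
    if (!tun)
        return POLL_ERR;
    return tun->sk->readable;
}

/* Constructed sample input: one tun whose socket reports readable = 1.
 * Both orderings give the same answer for a valid pointer; the ordering
 * only matters for the NULL case. */
int demo_poll_valid(int (*poll)(struct tun *))
{
    struct sock sk = { .readable = 1 };
    struct tun  t  = { .sk = &sk };
    return poll(&t);
}

/* Try to map one page at address 0, as an exploit for this class of bug
 * does so that a kernel read through a NULL pointer finds data it chose
 * instead of faulting.  Returns 1 if the kernel allowed it, 0 if it
 * refused (on Linux the control is the vm.mmap_min_addr sysctl; the
 * mapping is released immediately either way). */
int can_map_zero_page(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, pg);
    return 1;
}

int main(void)
{
    printf("valid tun: deref-then-check=%d, check-then-deref=%d\n",
           demo_poll_valid(poll_deref_then_check),
           demo_poll_valid(poll_check_then_deref));
    printf("NULL tun, checked first: %d\n", poll_check_then_deref(NULL));
    printf("this process may map page zero: %s\n",
           can_map_zero_page() ? "yes (a NULL deref would read it)" : "no");
    return 0;
}
```

To see the optimisation itself, compile the file twice, with `-O0` and with `-O2`, and compare the disassembly of `poll_deref_then_check`: at `-O2` the compare of `tun` against zero and the `POLL_ERR` return are gone, while `poll_check_then_deref` keeps them. Building with `-fno-delete-null-pointer-checks` makes GCC keep the test even in the vulnerable ordering. Do not call `poll_deref_then_check(NULL)` in user space: the zero page is normally unmapped there, so it faults at any optimisation level, which is exactly the oops the kernel would take if user space could not map address 0 first.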