New Linux Flaw Enables Null Pointer Exploits
D. Hugh Redelmeier
hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org
Sun Jul 19 15:30:36 UTC 2009
| From: Robert Brockway <robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org>
| On Sat, 18 Jul 2009, Jamon Camisso wrote:
| > It is an interesting bug because it is a compiler related optimization that
| > creates the conditions necessary to exploit it.
| Yes. Unfortunately compiler optimisation bugs are more common than a lot of
| people expect. They are very frustrating as a review of the source code won't
| reveal the bug. Only testing or a review of the binary will.
Actually this is not a compiler bug. A surprising optimization, yes.
But a correct one.
What I have not understood is why the null-pointer dereference does
not generate a kernel oops. The articles seem to wave their hands and
say things like "mmap" and "SELinux", but that makes no sense to me.
This is a kernel null pointer and mmap deals with userland address
spaces. Surely SELinux would not prevent null-pointer detection in
the kernel address space.
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
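An added example, not part of the post above or of any published exploit, to illustrate the mmap part of the answer to Hugh's question. On x86 Linux the kernel runs in the same virtual address space as the current user process (the kernel occupies the upper part of it), so when kernel code dereferences a NULL pointer it touches virtual address 0 in that shared space. If the process has been allowed to map a page there, the kernel reads (or, for a NULL function pointer, executes) whatever the process put in it instead of faulting. What normally stops this is the vm.mmap_min_addr sysctl (introduced in 2.6.23), which makes mmap() refuse low addresses with EPERM unless the caller has CAP_SYS_RAWIO. The program below reads that sysctl and then attempts the mapping; the marker byte and the function names are my own choices.

```c
/* Added example (not from the TLUG post): can this process place data at
 * virtual address 0, i.e. at the address a kernel NULL pointer points to? */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Read vm.mmap_min_addr. Returns -1 if /proc is unavailable or unreadable. */
long read_mmap_min_addr(void)
{
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    long v = -1;
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

/* Try to map one anonymous page at address 0 and store a marker in it.
 * Returns 0 when the mapping succeeded (it is removed again before
 * returning), otherwise the errno reported by mmap(); EPERM is what
 * vm.mmap_min_addr produces when it forbids low mappings. */
int try_map_page_zero(void)
{
    long page = sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, (size_t)page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return errno;

    /* p is now the null address, but it is backed by a real page: a kernel
     * NULL dereference in this process's context would read this byte. */
    volatile unsigned char *zero_page = (volatile unsigned char *)p;
    zero_page[0] = 0xC3;              /* constructed marker (x86 'ret') */
    int ok = (zero_page[0] == 0xC3);

    munmap(p, (size_t)page);
    return ok ? 0 : EIO;
}

int main(void)
{
    long min_addr = read_mmap_min_addr();
    int rc = try_map_page_zero();

    printf("vm.mmap_min_addr = %ld\n", min_addr);
    if (rc == 0)
        printf("page 0 mapped: a kernel NULL dereference would read our data\n");
    else
        printf("mmap at address 0 refused: errno %d (%s)\n", rc,
               rc == EPERM ? "EPERM, as mmap_min_addr intends" : "other");
    return 0;
}
```

On a default modern system the mapping is refused with EPERM and mmap_min_addr is 65536 or so; setting the sysctl to 0 (or running with CAP_SYS_RAWIO) lets the mapping succeed, which is the precondition the 2009 exploit needed. The example does not model SELinux, whose policy at the time had its own mmap_zero permission governing the same check.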