| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <eg6bst$7r1$2@taverner.cs.berkeley.edu> Date: Fri, 6 Oct 2006 19:47:41 +0000 (UTC) From: daw@...berkeley.edu (David Wagner) To: linux-kernel@...r.kernel.org Subject: Re: Really good idea to allow mmap(0, FIXED)? Jan Engelhardt wrote: >For reference, please see http://lkml.org/lkml/2006/2/22/90 Thanks. Ok, I've read that. That was helpful. But I think this risk is more serious than was realized in that thread from February. The February thread you mention talked about the security consequences of calling (dereferencing) a function pointer that is NULL. The security consequences are indeed bad. However, that thread only discussed the security consequences of NULL pointer bugs involving function pointers, and there was no indication in that thread that other types of NULL pointer bugs had any security relevance. But now it seems, as I described in my email, that all NULL pointer bugs (whether function pointers or not) have the potential to create security vulnerabilities. Every NULL pointer bug has to be viewed with suspicion, until it has been confirmed that it cannot be exploited. This sounds more serious than was realized back in February. Right? Or am I missing something important again? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists