lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.01.0906031109150.4880@localhost.localdomain>
Date:	Wed, 3 Jun 2009 11:12:21 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"Larry H." <research@...reption.com>
cc:	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Christoph Lameter <cl@...ux-foundation.org>,
	linux-mm@...ck.org, Rik van Riel <riel@...hat.com>,
	linux-kernel@...r.kernel.org, pageexec@...email.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change
 ZERO_SIZE_PTR to point at unmapped space)



On Wed, 3 Jun 2009, Larry H. wrote:
> 
> Are you saying that a kernel exploit can't be leveraged by means of
> runtime code injection for example?

No. I'm sayng that sane people don't get hung up about every little 
possibility.

Why are security people always so damn black-and-white? In most other 
areas, such people are called "crazy" or "stupid", but the security people 
seem to call them "normal".

The fact, the NULL pointer attack is neither easy nor common. It's 
perfectly reasonable to say "we'll allow mmap at virtual address zero".

Disallowing NULL pointer mmap's is one small tool in your toolchest, and 
not at all all-consumingly important or fundamental. It's just one more 
detail.

Get over it. Don't expect everybody to be as extremist as you apparently 
are.

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ