Date:	Wed, 3 Jun 2009 11:12:21 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	"Larry H." <research@...reption.com>
cc:	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Christoph Lameter <cl@...ux-foundation.org>,
	linux-mm@...ck.org, Rik van Riel <riel@...hat.com>,
	linux-kernel@...r.kernel.org, pageexec@...email.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change
 ZERO_SIZE_PTR to point at unmapped space)



On Wed, 3 Jun 2009, Larry H. wrote:
> 
> Are you saying that a kernel exploit can't be leveraged by means of
> runtime code injection for example?

No. I'm saying that sane people don't get hung up about every little 
possibility.

Why are security people always so damn black-and-white? In most other 
areas, such people are called "crazy" or "stupid", but the security people 
seem to call them "normal".

The fact is, the NULL pointer attack is neither easy nor common. It's 
perfectly reasonable to say "we'll allow mmap at virtual address zero".

Disallowing NULL pointer mmap's is one small tool in your toolchest, and 
not at all all-consumingly important or fundamental. It's just one more 
detail.

Get over it. Don't expect everybody to be as extremist as you apparently 
are.

			Linus