[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.01.0906031109150.4880@localhost.localdomain>
Date: Wed, 3 Jun 2009 11:12:21 -0700 (PDT)
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: "Larry H." <research@...reption.com>
cc: Alan Cox <alan@...rguk.ukuu.org.uk>,
Christoph Lameter <cl@...ux-foundation.org>,
linux-mm@...ck.org, Rik van Riel <riel@...hat.com>,
linux-kernel@...r.kernel.org, pageexec@...email.hu
Subject: Re: Security fix for remapping of page 0 (was [PATCH] Change
ZERO_SIZE_PTR to point at unmapped space)
On Wed, 3 Jun 2009, Larry H. wrote:
>
> Are you saying that a kernel exploit can't be leveraged by means of
> runtime code injection for example?
No. I'm sayng that sane people don't get hung up about every little
possibility.
Why are security people always so damn black-and-white? In most other
areas, such people are called "crazy" or "stupid", but the security people
seem to call them "normal".
The fact, the NULL pointer attack is neither easy nor common. It's
perfectly reasonable to say "we'll allow mmap at virtual address zero".
Disallowing NULL pointer mmap's is one small tool in your toolchest, and
not at all all-consumingly important or fundamental. It's just one more
detail.
Get over it. Don't expect everybody to be as extremist as you apparently
are.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists