Date: Tue, 15 Sep 2009 14:06:34 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Pieter de Boer <pieter@thedarkside.nl> Cc: freebsd-security@freebsd.org Subject: Re: Protecting against kernel NULL-pointer derefs Message-ID: <86ab0w2z05.fsf@ds4.des.no> In-Reply-To: <4AAF4A64.3080906@thedarkside.nl> (Pieter de Boer's message of "Tue, 15 Sep 2009 10:03:48 %2B0200") References: <4AAF4A64.3080906@thedarkside.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Pieter de Boer <pieter@thedarkside.nl> writes: > Given the amount of NULL-pointer dereference vulnerabilities in the > FreeBSD kernel that have been discovered of late, Specify "amount" and define "of late". > By disallowing userland to map pages at address 0x0 (and a bit beyond), > it is possible to make such NULL-pointer deref bugs mere DoS'es instead > of code execution bugs. Linux has implemented such a protection for a > long while now, by disallowing page mappings on 0x0 - 0xffff. Yes, that really worked out great for them: http://isc.sans.org/diary.html?storyid=3D6820 DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86ab0w2z05.fsf>