Date: Tue, 15 Sep 2009 14:42:28 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Pieter de Boer <pieter@thedarkside.nl> Cc: freebsd-security@freebsd.org Subject: Re: Protecting against kernel NULL-pointer derefs Message-ID: <8663bk2xcb.fsf@ds4.des.no> In-Reply-To: <4AAF8775.7000002@thedarkside.nl> (Pieter de Boer's message of "Tue, 15 Sep 2009 14:24:21 %2B0200") References: <4AAF4A64.3080906@thedarkside.nl> <86ab0w2z05.fsf@ds4.des.no> <4AAF8775.7000002@thedarkside.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
Pieter de Boer <pieter@thedarkside.nl> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > Pieter de Boer <pieter@thedarkside.nl> writes: > > > Given the amount of NULL-pointer dereference vulnerabilities in > > > the FreeBSD kernel that have been discovered of late, > > Specify "amount" and define "of late". > 'amount' =3D> 2, 'of late' is more figure of speech than anything > else. For me, amount was high enough to get interested and 'of late' > may be because I've not been looking long enough. A search of FreeBSD security advisories shows two in the last four years, plus the current unreleased issue. I agree that there is no reason to allow applications to mmap() at address 0, but surely there must be a better way to make your case than to sow FUD? DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8663bk2xcb.fsf>