Date: Tue, 15 Sep 2009 15:00:59 +0200 From: Pieter de Boer <pieter@thedarkside.nl> To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= <des@des.no> Cc: freebsd-security@freebsd.org Subject: Re: Protecting against kernel NULL-pointer derefs Message-ID: <4AAF900B.8010900@thedarkside.nl> In-Reply-To: <8663bk2xcb.fsf@ds4.des.no> References: <4AAF4A64.3080906@thedarkside.nl> <86ab0w2z05.fsf@ds4.des.no> <4AAF8775.7000002@thedarkside.nl> <8663bk2xcb.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Smørgrav wrote: >> 'amount' => 2, 'of late' is more figure of speech than anything >> else. For me, amount was high enough to get interested and 'of late' >> may be because I've not been looking long enough. > > A search of FreeBSD security advisories shows two in the last four > years, plus the current unreleased issue. I agree that there is no > reason to allow applications to mmap() at address 0, but surely there > must be a better way to make your case than to sow FUD? I have no intention to sow FUD. Three such advisories is not much, but if there is a simple/inexpensive way to ensure that such bugs are not exploitable to gain root, I think 'we' should consider it. -- Pieter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4AAF900B.8010900>