From: Przemyslaw Frasunek
Date: Tue, 15 Sep 2009 17:36:05 +0200
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, Pieter de Boer
Subject: Re: Protecting against kernel NULL-pointer derefs
Message-ID: <4AAFB465.4010901@frasunek.com>
In-Reply-To: <8663bk2xcb.fsf@ds4.des.no>
References: <4AAF4A64.3080906@thedarkside.nl> <86ab0w2z05.fsf@ds4.des.no> <4AAF8775.7000002@thedarkside.nl> <8663bk2xcb.fsf@ds4.des.no>

Dag-Erling Smørgrav:
> A search of FreeBSD security advisories shows two in the last four
> years, plus the current unreleased issue.

There are three NULL pointer dereference issues that I found in the last
month, but probably more to come, so implementing some kind of zero page
protection should be considered.

The first one affects 6.1 and it was made public in August:
http://www.frasunek.com/kqueue.txt

Another one affects 6.4 and is currently handled by secteam. The advisory
will be released on Wednesday.

The last one, as demonstrated on http://www.vimeo.com/6580991, affects 7.x
up to 7.2 and 6.x up to 6.4. I'm not going to disclose any details before
the official security advisory.