Yes, this is a compiler bug.

Posted Jul 18, 2009 17:20 UTC (Sat) by xilun (subscriber, #50638)
In reply to: Yes, this is a compiler bug. by xoddam
Parent article: Linux 2.6.30 exploit posted

So if you move the compiler out of the C standard respecting equation then this is a compiler bug? Makes absolutely no sense. This is a C compiler, not a "I would prefer it do that" compiler. You should better define your own language where dereferencing a NULL pointer is NOT undefined.

The platform is defined by the compiler and the runtime. The compiler definitely has the right to consider that dereferencing a NULL pointer is something that is always undefined, because, well, the standard precisely says that. There is no story of mapping or not mapping pages at this point: NULL pointer dereferencing an undefined behavior is, and NULL pointer dereferencing an undefined behavior stays. A NULL pointer has been dereferenced, the behavior is undefined (and it's not very surprising that an undefined behavior as per a standard can be an exploitable security hole). This is as simple as that.

The bug also is in allowing to map address 0, which can't be a sane way to serve a sane purpose.
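The dereference-before-check pattern the thread is arguing about, as an added illustration (my own constructed code, not anything from the poster or from the kernel), with the struct and function names being hypothetical stand-ins for the real driver code:

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a kernel object that embeds a pointer. */
struct tun_dev {
    int flags;
    void *sock;
};

/*
 * Buggy ordering: tun->sock is read before tun is tested. If tun is
 * NULL that read is undefined behaviour, so the compiler is entitled
 * to assume tun is non-NULL and delete the check that follows (GCC's
 * -fdelete-null-pointer-checks, on by default at -O2, does exactly
 * this). Whether the resulting load of address 0 faults or quietly
 * reads attacker-controlled memory depends on what the platform lets
 * a process map at 0, not on anything in this source.
 */
int poll_flags_buggy(struct tun_dev *tun)
{
    void *sock = tun->sock;   /* dereference first */
    if (!tun)                 /* this check may be optimised away */
        return -1;
    return sock ? tun->flags : 0;
}

/* Fixed ordering: test first, dereference only on the non-NULL path. */
int poll_flags_fixed(struct tun_dev *tun)
{
    if (!tun)
        return -1;
    return tun->sock ? tun->flags : 0;
}

/* Constructed sample objects: one with a socket attached, one without. */
struct tun_dev with_sock = { 3, &with_sock };
struct tun_dev without_sock = { 3, NULL };

int main(void)
{
    printf("fixed(NULL)         = %d\n", poll_flags_fixed(NULL));
    printf("fixed(with_sock)    = %d\n", poll_flags_fixed(&with_sock));
    printf("fixed(without_sock) = %d\n", poll_flags_fixed(&without_sock));
    return 0;
}
```

Compiling the buggy function with `gcc -O2 -S` and comparing the output against `-O2 -fno-delete-null-pointer-checks` shows the check disappearing; the fixed function keeps it under both.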

Yes, this is a compiler bug.

Posted Jul 18, 2009 22:53 UTC (Sat) by mstefani (subscriber, #31644)

> The bug also is in allowing to map address 0, which can't be a sane way to serve a sane purpose.
If you happen to need to run a DOS program in Wine or sometimes even a Win32 application that still uses some DOS calls then you need access to the memory at 0x00000000.
http://wiki.winehq.org/PreloaderPageZeroProblem

Yes, this is a compiler bug.

Posted Jul 19, 2009 0:07 UTC (Sun) by xilun (subscriber, #50638)

I could argue that supporting programs written for broken systems is not a sane purpose ;)

Copyright © 2013, Eklektix, Inc.