Linux 2.6.30 exploit posted
Posted Jul 19, 2009 0:58 UTC (Sun) by mikov
In reply to: Linux 2.6.30 exploit posted
Parent article: Linux 2.6.30 exploit posted
Previous kernels aren't vulnerable to this particular bug (but may be vulnerable to other bugs that not having the gcc optimization turned off made exploitable).
Can you explain why you think that this is a common pattern in the kernel - using a pointer, and only later checking it was null?
It seems to me that it is highly unlikely to have other code affected by this problem. The bug is just horrible code and the kernel is not _that_ bad.
And that is even ignoring the fact that nobody should be doing NULL pointer dereferences to begin with. My understanding is that unmapping the NULL page is a mainly diagnostic feature - not a security measure.
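The "use a pointer, only later check it for NULL" pattern the comment asks about, shown as an added example (not code from the thread or from the kernel): a use-then-check function beside its check-then-use counterpart, plus a probe of whether the calling process may map the zero page. The `tun_struct`/`sock` structures and the `poll_*` function names are constructed for illustration; the GCC option `-fdelete-null-pointer-checks` and the `vm.mmap_min_addr` sysctl are real.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed, driver-like structures for illustration only;
 * they are not the kernel's own definitions. */
struct sock { int refcnt; };
struct tun_struct { struct sock *sk; };

/* Use-then-check: tun is dereferenced before it is tested for NULL.
 * GCC's -fdelete-null-pointer-checks (on by default at -O2) may treat
 * the dereference as proof that tun != NULL and delete the test, so a
 * NULL tun would read sk from address 0 and then dereference it.
 * Never call this with NULL. */
static int poll_use_then_check(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;  /* dereference first ... */
    if (!tun)                   /* ... check second: removable by the optimiser */
        return -EINVAL;
    return sk->refcnt;
}

/* Check-then-use: the NULL test precedes every dereference, so the
 * optimiser has nothing to infer from and NULL is rejected. */
static int poll_check_then_use(struct tun_struct *tun)
{
    if (!tun)
        return -EINVAL;
    return tun->sk->refcnt;
}

/* Probe whether this process may map the zero page, i.e. whether memory
 * at address 0 could be placed under user control. Returns 1 if the
 * mapping succeeded (it is released again), 0 if the kernel refused it
 * (as vm.mmap_min_addr does), -1 on any other error. */
static int zero_page_mappable(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, (size_t)pagesz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return (errno == EPERM || errno == EACCES) ? 0 : -1;
    munmap(p, (size_t)pagesz);
    return p == (void *)0 ? 1 : -1;
}

/* Constructed sample objects so the helpers can be exercised. */
static struct sock demo_sk = { 3 };
static struct tun_struct demo_tun = { &demo_sk };

int main(void)
{
    printf("check-then-use(valid) = %d\n", poll_check_then_use(&demo_tun));
    printf("check-then-use(NULL)  = %d\n", poll_check_then_use(NULL));
    printf("use-then-check(valid) = %d\n", poll_use_then_check(&demo_tun));
    printf("zero page mappable    = %d\n", zero_page_mappable());
    return 0;
}
```

Compile the use-then-check function with `-O2 -S` and compare against `-O2 -fno-delete-null-pointer-checks -S` to see whether the `if (!tun)` test survives; the probe reports 0 on a kernel whose `vm.mmap_min_addr` is above zero for this process.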