not new

Posted Aug 18, 2009 16:35 UTC (Tue) by Trou.fr (subscriber, #26289)
Parent article: Null pointers, one month later

Null pointer dereference vulnerabilities are an old class of bugs; only recently have measures been taken in the mainline kernel to guard against their exploitation. An example from 2005: http://lkml.org/lkml/2005/5/29/127

Also, PaX introduced UDEREF in 2006 to protect against it (note that it's not complete since the kernel can access code in userland; KERNEXEC protects against this).


not new

Posted Aug 19, 2009 12:01 UTC (Wed) by spender (subscriber, #23067) [Link]

The PaX team published an extensive writeup on UDEREF/KERNEXEC in relation to various kinds of invalid userland access bugs here:

http://forums.grsecurity.net/viewtopic.php?f=3&t=2177...

-Brad

merge

Posted Aug 20, 2009 5:25 UTC (Thu) by pabs (subscriber, #43278) [Link]

So when will UDEREF/KERNEXEC be merged into Linus' tree?

merge

Posted Aug 20, 2009 12:28 UTC (Thu) by spender (subscriber, #23067) [Link]

Linus refuses to accept new code that makes use of x86 segmentation, even if such usage involves a configurable option. So there will be no UDEREF/KERNEXEC in the mainline kernel. Little bits and pieces of other features/modifications may be picked up by people who read the patch (like the *_operations constifying -- though in vanilla this matters only for people using CONFIG_DEBUG_RODATA, or fixing up page protections on modules, etc) but we won't be committing them ourselves.

From time to time, though, we may/do submit bug reports if, for instance, UDEREF or KERNEXEC catches a bug in the vanilla kernel. There's an example we saw recently where some module, if given a parameter, would attempt to modify some read-only memory, caught by KERNEXEC.

-Brad

merge

Posted Aug 22, 2009 6:40 UTC (Sat) by pabs (subscriber, #43278) [Link]

What about getting it into the staging tree, -mm or linux-next?

