Dailydave mailing list archives

Re: On exploiting null ptr derefs, disabling SELinux, and silently fixed Linux vulns


From: "Dave Korn" <dave.korn () artimi com>
Date: Tue, 6 Mar 2007 14:34:39 -0000

On 05 March 2007 14:51, Michal Zalewski wrote:

> On Mon, 5 Mar 2007, Michal Zalewski wrote:
> 
>> The flaw is caused by a missing check that allows you to gain access to
>> the first physical page of memory, which you can then read or write.
> 
> And yeah, that's incorrect. I misread the exploit; it indeed relies on
> planting readable 0x0000000 in process memory for the kernel to tap into.

  So why doesn't Linux do like 'doze does, and permanently map a guard page at
0x0 in all user-spaces?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
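The technique the thread discusses depends on one precondition: an unprivileged process being allowed to back virtual address 0 with a readable page, so that a kernel NULL dereference lands on attacker-controlled data. The answer Linux eventually adopted is not a permanent guard mapping but a floor on the lowest address user space may map, exposed as the sysctl `vm.mmap_min_addr` (a later addition to the kernel; it did not exist when this mail was written). The following is an added example for checking that mitigation on a running system; it is not code from the thread or from either poster. It reads the sysctl, and separately asks the kernel for a read-only anonymous page at address 0 and reports whether the request was refused. The constant sysctl path and the assumption that `EPERM` or `EACCES` signals the refusal are mine.

```c
/* Added example (not from the Dailydave thread): report whether this Linux
 * system lets an unprivileged process back address 0 with a readable page,
 * which is the precondition for the NULL-deref technique discussed above. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Parse the text of /proc/sys/vm/mmap_min_addr (e.g. "65536\n").
 * Returns the value, or -1 if the text is not a non-negative integer. */
long parse_min_addr(const char *text)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || errno != 0 || v < 0)
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\n')
        end++;
    return (*end == '\0') ? v : -1;
}

/* Page 0 is guarded when the floor is at least one page above address 0. */
int page_zero_guarded(long min_addr, long page_size)
{
    return min_addr >= page_size;
}

/* Read the live sysctl; -1 when unavailable (no /proc, non-Linux kernel). */
long read_min_addr(void)
{
    char buf[64];
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");   /* assumed path */
    if (!f)
        return -1;
    if (!fgets(buf, sizeof buf, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    return parse_min_addr(buf);
}

/* Empirical check: request a readable anonymous page at exactly address 0.
 * Returns 1 if the kernel granted it (page 0 is plantable), 0 if it refused
 * with EPERM/EACCES (*err holds errno), -1 on any other failure.  A granted
 * mapping is released at once; nothing is ever written through it. */
int probe_page_zero(int *err)
{
    long ps = sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, (size_t)ps, PROT_READ,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) {
        *err = errno;
        return (errno == EPERM || errno == EACCES) ? 0 : -1;
    }
    munmap(p, (size_t)ps);
    *err = 0;
    return 1;
}

int main(void)
{
    long min_addr = read_min_addr();
    long ps = sysconf(_SC_PAGESIZE);
    int err = 0;
    int r = probe_page_zero(&err);

    if (min_addr < 0)
        printf("vm.mmap_min_addr: unavailable\n");
    else
        printf("vm.mmap_min_addr = %ld (%s)\n", min_addr,
               page_zero_guarded(min_addr, ps) ? "page 0 guarded" : "page 0 NOT guarded");

    if (r == 1)
        printf("mmap at 0x0: GRANTED - kernel NULL derefs can hit user data\n");
    else if (r == 0)
        printf("mmap at 0x0: refused (errno %d) - mitigation active\n", err);
    else
        printf("mmap at 0x0: failed for another reason (errno %d)\n", err);
    return 0;
}
```

Run it as an ordinary user: a process with `CAP_SYS_RAWIO` (root outside a restricted container, for instance) is exempt from the floor, so a "GRANTED" result under root does not by itself mean the protection is off; the sysctl value is the authoritative reading, the probe is the confirmation from an unprivileged context.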
