Re: Really good idea to allow mmap(0, FIXED)?

[David Wagner]

Jan Engelhardt  wrote:
>For reference, please see http://lkml.org/lkml/2006/2/22/90

Thanks.  Ok, I've read that.  That was helpful.  But I think this risk
is more serious than was realized in that thread from February.

The February thread you mention talked about the security consequences of
calling (dereferencing) a function pointer that is NULL.  The security
consequences are indeed bad.  However, that thread only discussed the
security consequences of NULL pointer bugs involving function pointers,
and there was no indication in that thread that other types of NULL
pointer bugs had any security relevance.

But now it seems, as I described in my email, that all NULL pointer bugs
(whether function pointers or not) have the potential to create security
vulnerabilities.  Every NULL pointer bug has to be viewed with suspicion,
until it has been confirmed that it cannot be exploited.  This sounds more
serious than was realized back in February.

Right?  Or am I missing something important again?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/