Protecting against kernel NULL-pointer derefs
Dag-Erling Smørgrav
des at des.no
Tue Sep 15 12:06:36 UTC 2009
Pieter de Boer <pieter at thedarkside.nl> writes:

> Given the amount of NULL-pointer dereference vulnerabilities in the
> FreeBSD kernel that have been discovered of late,

Specify "amount" and define "of late".

> By disallowing userland to map pages at address 0x0 (and a bit beyond),
> it is possible to make such NULL-pointer deref bugs mere DoS'es instead
> of code execution bugs. Linux has implemented such a protection for a
> long while now, by disallowing page mappings on 0x0 - 0xffff.

Yes, that really worked out great for them:

http://isc.sans.org/diary.html?storyid=6820
DES
--
Dag-Erling Smørgrav - des at des.no
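
A way to check on a given machine whether the protection discussed in this message is actually in effect, as an added example that is not part of the original message or of FreeBSD or Linux code: it probes whether the calling process can map any page in the 0x0 - 0xffff range. It assumes a POSIX system with anonymous `mmap` and a process that has nothing of its own mapped in that range; the function names and `LOW_RANGE_END` are made up for this example.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* End of the range named in the message above (0x0 - 0xffff). */
#define LOW_RANGE_END 0x10000UL

/* Try to place one anonymous page exactly at addr; 1 if the kernel allows it.
 * Assumption: nothing is mapped there yet, since MAP_FIXED would replace it. */
static int can_map_page_at(uintptr_t addr, size_t page)
{
    void *p = mmap((void *)addr, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)   /* note: a mapping at 0 returns NULL, not MAP_FAILED */
        return 0;
    munmap(p, page);       /* leave the address space as we found it */
    return 1;
}

/* Lowest page-aligned address below LOW_RANGE_END that this process may map,
 * or LOW_RANGE_END if every page in the range is refused. */
uintptr_t lowest_mappable_low_address(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    for (uintptr_t a = 0; a < LOW_RANGE_END; a += page)
        if (can_map_page_at(a, page))
            return a;
    return LOW_RANGE_END;
}

int main(void)
{
    uintptr_t a = lowest_mappable_low_address();
    if (a == LOW_RANGE_END)
        printf("protected: no page below 0x%lx can be mapped\n", LOW_RANGE_END);
    else
        printf("exposed: userland can map a page at 0x%lx\n", (unsigned long)a);
    return a == LOW_RANGE_END ? 0 : 1;
}
```

Run it as the unprivileged user the policy is meant to constrain; a privileged process can be exempt from the restriction, so a result obtained as root says little about ordinary users.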