Protecting against kernel NULL-pointer derefs
Brett Glass
brett at lariat.net
Sun Sep 27 19:43:21 UTC 2009
As someone who has been frustrated by a disproportionate number of
bugs related to null and wild pointer dereferencing, I'd opt for
such an option to be incorporated in the next point release.
Perhaps, there could be two options: one to generate a warning in
the log and then "fail soft" (e.g. by mapping a zero page) and
another to cause a hard panic. The "fail soft" option would be
particularly handy to help flush out bugs -- particularly in device
drivers -- in preparation for making a hard panic the default at
some future time. It would also provide a fallback for
administrators, to allow them to keep their systems running while a
bug was diagnosed and fixed.
--Brett Glass
At 12:39 PM 9/27/2009, Robert Watson wrote:
>FYI, changes are now going into head to implement this policy,
>although by slightly different mechanisms. I expect to see them
>merged to various branches, and also to active security branches
>(although disabled there by default using a sysctl so as not to
>disturb existing setups unless desired by the administrator).
>
>Robert
More information about the freebsd-security
mailing list