[pso] New Linux Flaw Enables Null Pointer Exploits

Bogdan Tenea tenea.bogdan at gmail.com
Tue Jul 21 01:05:22 EEST 2009


I didn't understand the part in the original article where it said the compiler
was to blame and they gave this example:

struct sock *sk = tun->sk;  // initialize sk with tun->sk
…
if (!tun)
    return POLLERR;  // if tun is NULL return error

How could the compiler remove that portion of code, when tun is initialized to
something, and that something can of course also be null? I see the problem in
the fact that tun->sk is accessed before checking whether tun is null, not in
some compiler optimization.

On Mon, Jul 20, 2009 at 2:32 PM, George Milescu <george.milescu at gmail.com> wrote:

> Hello.
>
> Kernel versions 2.6.30 and 2.6.30.1 are affected by a vulnerability that
> allows arbitrary code execution, bypassing the SELinux and AppArmor
> protections. [1]
>
> The cause of the security hole is interesting: "the compiler will
> introduce the vulnerability to the binary code, which didn't exist in the
> source code".
>
> [1]
> http://threatpost.com/blogs/researcher-uses-new-linux-kernel-flaw-bypass-selinux-other-protections
>
> --
> George Milescu
> _______________________________________________
> pso mailing list
> pso at cursuri.cs.pub.ro
> http://cursuri.cs.pub.ro/cgi-bin/mailman/listinfo/pso
>
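As an added illustration (not code from this thread or from the kernel), here is the dereference-before-check pattern quoted above next to the check-first form. struct sock and struct tun_struct are constructed stand-ins, and POLLERR/POLLIN are assumed to carry their usual poll(2) values.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel structures (not the real definitions). */
struct sock { int refcnt; };
struct tun_struct { struct sock *sk; };

#define POLLERR 0x08   /* assumed to match the poll(2) constant */
#define POLLIN  0x01

/* Pattern from the thread: tun->sk is loaded BEFORE tun is tested for NULL.
 * That load is undefined behaviour when tun is NULL, and an optimiser that
 * assumes UB never happens may treat the later "if (!tun)" as dead code
 * (GCC's -fdelete-null-pointer-checks; the kernel later builds with
 * -fno-delete-null-pointer-checks to forbid this). */
static int tun_poll_vulnerable(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;   /* dereference first */
    if (!tun)
        return POLLERR;          /* may be removed by the compiler */
    return sk ? POLLIN : 0;
}

/* Hardened form: check the pointer before any dereference, so there is no
 * UB for the optimiser to reason from and the check must be kept. */
static int tun_poll_fixed(struct tun_struct *tun)
{
    struct sock *sk;
    if (!tun)
        return POLLERR;
    sk = tun->sk;
    return sk ? POLLIN : 0;
}

/* Helpers that run each variant on a constructed, valid tun_struct. */
static int fixed_on_sample(void)
{
    struct sock s = { 1 };
    struct tun_struct t = { &s };
    return tun_poll_fixed(&t);
}

static int vulnerable_on_sample(void)
{
    struct sock s = { 1 };
    struct tun_struct t = { &s };
    return tun_poll_vulnerable(&t);   /* never called with NULL: that is UB */
}

int main(void)
{
    printf("fixed(NULL)=%d fixed(sample)=%d vulnerable(sample)=%d\n",
           tun_poll_fixed(NULL), fixed_on_sample(), vulnerable_on_sample());
    return 0;
}
```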