[Dailydave] On exploiting null ptr derefs, disabling SELinux, and silently fixed Linux vulns

Michal Zalewski lcamtuf at dione.ids.pl
Mon Mar 5 09:48:16 EST 2007


On Mon, 5 Mar 2007, TINNES Julien RD-MAPS-ISS wrote:

> That's exactly my point, you're not exploiting a userland application,
> so the paradigm is different, and _YOU_ can map page 0 because you've
> already got arbitrary code execution.

Julien,

I think we're splitting hairs over semantics here, and this list
is probably not a place to do this. If you wish, we might continue
off-list. It's my fault, of course, for starting this, but I hoped my post
would be taken more as a weak joke than as the beginning of a flame war.

I do believe that the problem here arises from a missing check in kernel,
and not from the fact that straight dereference of null pointers in
kernel- or user-space is otherwise exploitable under normal conditions.
But that's just my opinion, and not even a particularly strong one.

I do find Brad's exploit interesting, the attack vector novel, and I do
think it's wrong for kernel developers to fix it the way they did.

/mz
