From: Dag-Erling Smørgrav
To: Pieter de Boer
Cc: freebsd-security@freebsd.org
Date: Tue, 15 Sep 2009 14:42:28 +0200
Subject: Re: Protecting against kernel NULL-pointer derefs
Message-ID: <8663bk2xcb.fsf@ds4.des.no>
In-Reply-To: <4AAF8775.7000002@thedarkside.nl>

Pieter de Boer writes:
> Dag-Erling Smørgrav writes:
> > Pieter de Boer writes:
> > > Given the amount of NULL-pointer dereference vulnerabilities in
> > > the FreeBSD kernel that have been discovered of late,
> > Specify "amount" and define "of late".
> 'amount' => 2, 'of late' is more figure of speech than anything
> else. For me, amount was high enough to get interested and 'of late'
> may be because I've not been looking long enough.

A search of FreeBSD security advisories shows two in the last four
years, plus the current unreleased issue.

I agree that there is no reason to allow applications to mmap() at
address 0, but surely there must be a better way to make your case than
to sow FUD?

DES
-- 
Dag-Erling Smørgrav - des@des.no