From owner-freebsd-security@FreeBSD.ORG Sun Sep 27 19:43:21 2009
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 183431065676; Sun, 27 Sep 2009 19:43:21 +0000 (UTC) (envelope-from brett@lariat.net)
Received: from lariat.net (lariat.net [66.119.58.2]) by mx1.freebsd.org (Postfix) with ESMTP id 88D348FC0A; Sun, 27 Sep 2009 19:43:20 +0000 (UTC)
Received: from anne-o1dpaayth1.lariat.net (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2]) by lariat.net (8.9.3/8.9.3) with ESMTP id NAA14681; Sun, 27 Sep 2009 13:04:55 -0600 (MDT)
Message-Id: <200909271904.NAA14681@lariat.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Sun, 27 Sep 2009 13:04:30 -0600
To: Robert Watson , Pieter de Boer
From: Brett Glass
In-Reply-To:
References: <4AAF4A64.3080906@thedarkside.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Mailman-Approved-At: Sun, 27 Sep 2009 20:25:34 +0000
Cc: freebsd-security@freebsd.org
Subject: Re: Protecting against kernel NULL-pointer derefs
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 27 Sep 2009 19:43:21 -0000

As someone who has been frustrated by a disproportionate number of bugs related to null and wild pointer dereferencing, I'd opt for such an option to be incorporated in the next point release. Perhaps there could be two options: one to generate a warning in the log and then "fail soft" (e.g. by mapping a zero page), and another to cause a hard panic. The "fail soft" option would be particularly handy to help flush out bugs -- particularly in device drivers -- in preparation for making a hard panic the default at some future time. It would also provide a fallback for administrators, to allow them to keep their systems running while a bug was diagnosed and fixed.

--Brett Glass

At 12:39 PM 9/27/2009, Robert Watson wrote:
>FYI, changes are now going into head to implement this policy,
>although by slightly different mechanisms. I expect to see them
>merged to various branches, and also to active security branches
>(although disabled there by default using a sysctl so as not to
>disturb existing setups unless desired by the administrator).
>
>Robert