Re: Security fix for remapping of page 0 (was [PATCH] ChangeZERO_SIZE_PTR to point at unmapped space)

[Linus Torvalds]

On Wed, 3 Jun 2009, Linus Torvalds wrote:
> 
> That means that you've already by-passed all the main security. It's thus 
> by definition less common than attack vectors like buffer overflows that 
> give you that capability in the first place.

Btw, you obviously need to then _also_ pair it with some as-yet-unknown 
case of kernel bug to get to that NULL pointer (or zero-sized-alloc 
pointer) problem. 

You _also_ seem to be totally ignoring the fact that we already _do_ 
protect against NULL pointers by default.

So I really don't see why you're making a big deal of this. It's as if you 
were talking about us not randomizing the address space - sure, you can 
turn it off, but so what? We do it by default.

So it boils down to:

 - NULL pointers already cannot be in mmap memory (unless a distro has 
   done something wrong - outside of the kernel)

 - What's your beef? Let it go, man.

			Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/