Re: Security fix for remapping of page 0 (was [PATCH] Change ZERO_SIZE_PTR to point at unmapped space)

[pageexec]

On 3 Jun 2009 at 11:45, Linus Torvalds wrote:

> 
> 
> On Wed, 3 Jun 2009, Larry H. wrote:
> > > 
> > > The fact, the NULL pointer attack is neither easy nor common. It's 
> > > perfectly reasonable to say "we'll allow mmap at virtual address zero".
> > 
> > And how could you calibrate if this attack venue isn't easy to take
> > advantage of? Or not commonly abused? What empirical results led you to this
> > conclusion?
> 
> It's not a primary attack vector. You need to have already broken local 
> security to get there - you need to be able to execute code.

during last summer's flame war^W^Wdiscussion about how you guys were covering
up security fixes you brought an example of smart university students breaking
communal boxes left and right. are you now saying that it was actually a strawman
argument as you consider that situation already broken? you can't have it both
ways ;).

> That means that you've already by-passed all the main security. It's thus 
> by definition less common than attack vectors like buffer overflows that 
> give you that capability in the first place.

that only means that you've ignored multi-user boxes.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/