Linux "NULL pointer dereferece" in the News...

Daniel B. Thurman dant at cdkkt.com
Sun Jul 19 17:06:15 UTC 2009


Tom Horsley wrote:
> On Sun, 19 Jul 2009 09:47:44 -0700
> Daniel B. Thurman wrote:
>
>   
>> Is this "old news", rehashed (news) hype, or what?
>>     
>
> Sounds like a compiler bug to me. If the compiler is removing
> a null pointer check for a pointer which could in fact be
> null, then clearly the optimizer has gone off the deep end.
>
> I do love that it only happens on systems with selinux or
> pulseaudio, both of which I eradicate to the fullest extent
> possible as soon as I finish the initial install :-).
>
>   
It is done via compiler optimization.  Look at the link aprovided
nd there also another link within that provides the source code
to demonstrate the exploit.  There is also in the comments, several
uTube videos with demonstration and so that means those hackers
that wish to start exploiting are gonna have a field day?

The authors seems to be "bashing" SELinux and Pulse Audio
as they claim that both weakens security and gives details
of this.

Have a read of the exploit.c code and judge for yourself?




More information about the fedora-list mailing list