[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Linux "NULL pointer dereferece" in the News...





--- On Sun, 7/19/09, Daniel B. Thurman <dant cdkkt com> wrote:

> From: Daniel B. Thurman <dant cdkkt com>
> Subject: Re: Linux "NULL pointer dereferece" in the News...
> To: sundaram fedoraproject org, "Community assistance, encouragement, and advice for using Fedora." <fedora-list redhat com>
> Date: Sunday, July 19, 2009, 12:07 PM
> Rahul Sundaram wrote:
> > On 07/19/2009 11:09 PM, Tom Horsley wrote:
> >   
> >>> http://blog.namei.org/2009/07/18/a-brief-note-on-the-2630-kernel-null-pointer-vulnerability/
> >>>       
> >> Why on earth would I need an option named
> -fno-delete-null-pointer-checks?
> >> If there is a null pointer check in the source
> code, then it is there for
> >> a reason (maybe a bad reason, maybe a good one,
> but the compiler can't possibly
> >> know which kind :-). There has got to be a
> fundamental compiler bug here,
> >> and it is absurd to go adding compiler options
> that say "Oh, by the way,
> >> please don't run into this particular bug."
> >>
> >> What next? Will I need to compile with the
> options
> >>
> >> --do-not-alter-meaning-of-line-1
> --do-not-alter-meaning-of-line-2 ... ?
> >>     
> >
> > It is not so simple. This is not a compiler bug. I
> suggest you read
> > through http://lwn.net/Articles/341773/rss to
> understand why.
> >
> > Rahul
> >   
> Apparently, according to Brad Spengler, there are several
> things he claims that are involved, Gcc, SELinux (which
> causes PA exploits?), kernel issues (with structures?) and
> he seemed to imply the ignorance of those "in charge" to
> resolve these "exploits" and yet provides other issues
> which
> he claims are still unresolved?
> 
> Is there anything to worry about as far as Fedora's
> F1 --> F11 security being affected, if at all?
> 
> -- 

Maybe this is ONE BIG REASON why Fedora does not release a 2.6.30.X kernel?

No wonder that we are kind of behind the times because of this?

I was reading somewhere that PulseAudio could still live in Fedora(for those that have problems with it), just disable it and you will be alright like Tom and others say with selinux too.  

IMHO, sooner or later this and other problems will be resolved and the kernel, gcc, and selinux teams will find ways to protect us the end users.  Otherwise which things do we have to worry about and not do that we are not affected with these exploits?

Regards,

Antonio 


      


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]