Linux "NULL pointer dereferece" in the News...
Antonio Olivares
olivares14031 at yahoo.com
Sun Jul 19 19:16:58 UTC 2009
--- On Sun, 7/19/09, Daniel B. Thurman <dant at cdkkt.com> wrote:
> From: Daniel B. Thurman <dant at cdkkt.com>
> Subject: Re: Linux "NULL pointer dereferece" in the News...
> To: sundaram at fedoraproject.org, "Community assistance, encouragement, and advice for using Fedora." <fedora-list at redhat.com>
> Date: Sunday, July 19, 2009, 12:07 PM
> Rahul Sundaram wrote:
> > On 07/19/2009 11:09 PM, Tom Horsley wrote:
> >
> >>> http://blog.namei.org/2009/07/18/a-brief-note-on-the-2630-kernel-null-pointer-vulnerability/
> >>>
> >> Why on earth would I need an option named
> -fno-delete-null-pointer-checks?
> >> If there is a null pointer check in the source
> code, then it is there for
> >> a reason (maybe a bad reason, maybe a good one,
> but the compiler can't possibly
> >> know which kind :-). There has got to be a
> fundamental compiler bug here,
> >> and it is absurd to go adding compiler options
> that say "Oh, by the way,
> >> please don't run into this particular bug."
> >>
> >> What next? Will I need to compile with the
> options
> >>
> >> --do-not-alter-meaning-of-line-1
> --do-not-alter-meaning-of-line-2 ... ?
> >>
> >
> > It is not so simple. This is not a compiler bug. I
> suggest you read
> > through http://lwn.net/Articles/341773/rss to
> understand why.
> >
> > Rahul
> >
> Apparently, according to Brad Spengler, there are several
> things he claims that are involved, Gcc, SELinux (which
> causes PA exploits?), kernel issues (with structures?) and
> he seemed to imply the ignorance of those "in charge" to
> resolve these "exploits" and yet provides other issues
> which
> he claims are still unresolved?
>
> Is there anything to worry about as far as Fedora's
> F1 --> F11 security being affected, if at all?
>
> --
Maybe this is ONE BIG REASON why Fedora does not release a 2.6.30.X kernel?
No wonder that we are kind of behind the times because of this?
I was reading somewhere that PulseAudio could still live in Fedora(for those that have problems with it), just disable it and you will be alright like Tom and others say with selinux too.
IMHO, sooner or later this and other problems will be resolved and the kernel, gcc, and selinux teams will find ways to protect us the end users. Otherwise which things do we have to worry about and not do that we are not affected with these exploits?
Regards,
Antonio
More information about the fedora-list
mailing list