Date: Wed, 22 Jul 2009 18:30:39 +0200
From: yersinia <yersinia.spiros@...il.com>
To: oss-security@...ts.openwall.com
Cc: Brad Spengler <spender@...ecurity.net>, Marcus Meissner <meissner@...e.de>, 
	dailydave <dailydave@...ts.immunitysec.com>
Subject: Re: Re: [Dailydave] Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable

On Wed, Jul 22, 2009 at 5:04 PM, Todd Sabin<tsabin@...online.net> wrote:
> spender@...ecurity.net (Brad Spengler) writes:
>
>> (Really there should have been a CVE for the lack of
>> -fno-delete-null-pointer-checks instead of pretending the only problem
>> was /dev/net/tun....
>
> Just as a side note, it seems like gcc is missing an option, to me.
> Okay, it can figure out that some NULL pointer checks seem to be
> useless, and either optimize them away or leave them in.  What about
> issuing a warning?
>
> Where's -Wuseless-null-pointer-check?
>

Coverity's opinion on this specific issue:

http://blog.coverity.com/posts/general/would-you-like-to-know-about-0day-defects-months-in-advance

Regards

>
> Todd
>
> --
> Todd Sabin                                          <tsabin@...online.net>
>
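
The pattern discussed in this thread, as an added example that is not part of the original messages or of any kernel source: a pointer is dereferenced before its NULL test, which lets GCC treat the test as redundant, shown beside the corrected ordering. All type, macro and function names are hypothetical.

```c
#include <stddef.h>

/* Hypothetical types and names, constructed for illustration only. */
struct dev_state { int flags; };
struct handle    { struct dev_state *state; };

#define POLL_ERR (-1)

/*
 * Dereference-before-check. Reading h->state with h == NULL is undefined
 * behaviour, so an optimizing GCC build with -fdelete-null-pointer-checks
 * in effect may infer that h is non-NULL and drop the test that follows.
 * Building with -fno-delete-null-pointer-checks keeps the test in place.
 */
int poll_deref_first(struct handle *h)
{
    struct dev_state *st = h->state;  /* h is dereferenced here */

    if (!h)                           /* candidate for removal by the optimizer */
        return POLL_ERR;
    return st->flags;
}

/*
 * Corrected ordering: every pointer is tested before it is dereferenced,
 * so the result does not depend on compiler flags.
 */
int poll_check_first(struct handle *h)
{
    struct dev_state *st;

    if (!h)
        return POLL_ERR;
    st = h->state;
    if (!st)
        return POLL_ERR;
    return st->flags;
}
```

Comparing the assembly from `gcc -O2 -S` with and without `-fno-delete-null-pointer-checks` shows whether the test in `poll_deref_first` survives on a given compiler version.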
