Spec#, nullables and more

Bruno Medeiros brunodomedeiros+spam at com.gmail
Fri Nov 26 09:28:23 PST 2010


On 25/11/2010 16:55, Daniel Gibson wrote:
> On Thu, Nov 25, 2010 at 5:28 PM, Bruno Medeiros
> <brunodomedeiros+spam at com.gmail>  wrote:
>> On 05/11/2010 18:52, Daniel Gibson wrote:
>>>
>>> Walter Bright schrieb:
>>>>
>>>>
>>>> It's infinitely worse. Null pointers do not result in memory
>>>> corruption, buffer overflows, and security breaches.
>>>>
>>>
>>> Not entirely true: Null Pointer dereferences *have* been used for
>>> security breaches, see for example: http://lwn.net/Articles/342330/
>>> The problem is that one can mmap() to 0/NULL so it can be dereferenced
>>> without causing a crash.
>>>
>>> Of course this is also a problem of the OS, it shouldn't allow mmap()ing
>>> to NULL in the first place (it's now forbidden by default on Linux and
>>> FreeBSD afaik) - but some software (dosemu, wine) doesn't work without it.
>>>
>>> Cheers,
>>> - Daniel
>>
>> I think Walter's point remains true: null pointers bugs are an order of
>> magnitude less important, if not downright insignificant, with regards to
>> security breaches.
>
> No, that wasn't his point - he thought it was *impossible* to exploit null
> pointers ("Null pointers do not result in memory corruption, buffer overflows,
> and security breaches.") and I merely pointed out that this is not correct.
> I didn't say anything about significance for average applications :-)
>

Yes, Walter's statement that it is impossible for a null pointer to 
cause a security vulnerability is (likely) incorrect.
But his point at large, considering the discussion that preceded the 
comment, was that null pointers are utterly insignificant with regards 
to security vulnerabilities.

And I agree with that, and because of that I'm surprised and curious to 
understand why Hoare mentioned (in the abstract on the link posted 
originally), that null pointers have caused "innumerable vulnerabilities."


>>
>> I mean, from my understanding of that article, a NPE bug on its own is not
>> enough to allow an exploit, but other bugs/exploits need to be present.
>
> Well it could be used by a non-privileged user to get root privileges.
> If you only have "friendly" non-privileged users you need an exploit
> to make them execute the kernel exploit, of course.
>
> But I agree that this kind of bug is not as relevant as others (for most users)
>   - you won't have it in regular programs but only in kernels I guess.
> (Of course it could work in regular programs as well, but you won't get more
> privileges than you had before. Also I may be completely wrong on this and
> maybe there is some way to gain something by using this kind of exploit
> on regular programs.)
>

By "exploit", I didn't mean to necessarily imply privilege escalation. I 
meant arbitrary code execution, with or without privilege escalation. (I 
don't know if this usage of the term is common in the security 
community, maybe not)

So, going back, is it correct to say that an NPE bug on its own is not 
enough to allow arbitrary code execution, but that other vulnerabilities 
are necessary?


-- 
Bruno Medeiros - Software Engineer
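Added example, not part of the thread: the Linux mitigation Daniel refers to (refusing to mmap() the zero page) is the sysctl vm.mmap_min_addr, and a defender can verify it is actually in force for a given process with a small C audit. The function and enum names below are my own; the invariant checked is that an unprivileged process is refused an anonymous mapping at address 0 whenever the sysctl is non-zero.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Outcome of asking the kernel for a page at address 0. */
enum null_map_state { NULL_MAP_REFUSED, NULL_MAP_ALLOWED, NULL_MAP_OTHER_ERR };

/* Read vm.mmap_min_addr; -1 when unavailable (non-Linux or restricted /proc). */
long read_mmap_min_addr(void) {
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    long v = -1;
    if (f) {
        if (fscanf(f, "%ld", &v) != 1) v = -1;
        fclose(f);
    }
    return v;
}

/* Try to place one anonymous page at address 0 and release it immediately.
 * On Linux the LSM hook refuses with EPERM below mmap_min_addr unless the
 * caller holds CAP_SYS_RAWIO. */
enum null_map_state probe_null_page(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED)
        return errno == EPERM ? NULL_MAP_REFUSED : NULL_MAP_OTHER_ERR;
    munmap(p, page); /* never leave page 0 mapped: NULL dereferences must fault */
    return NULL_MAP_ALLOWED;
}

/* Defender's invariant: sysctl > 0 and no root privileges => mapping refused.
 * Returns 1 when the invariant holds or cannot be judged on this host. */
int mitigation_consistent(void) {
    long min = read_mmap_min_addr();
    if (min <= 0 || geteuid() == 0) return 1; /* disabled, unknown, or privileged */
    return probe_null_page() == NULL_MAP_REFUSED;
}

int main(void) {
    static const char *names[] = { "refused (EPERM)", "ALLOWED", "other error" };
    printf("vm.mmap_min_addr = %ld\n", read_mmap_min_addr());
    printf("mapping page 0 as uid %u: %s\n", (unsigned)geteuid(),
           names[probe_null_page()]);
    return mitigation_consistent() ? 0 : 1;
}
```

A non-zero exit means an unprivileged process on this host can map the zero page, so a NULL dereference would read attacker-controlled memory instead of faulting.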

