Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Fixing Linux

Aug 20, 2009, 20:04 (0 Talkback[s])
(Other stories by Steven J. Vaughan-Nichols)

[ Thanks to Steven J. Vaughan-Nichols for this link. ]

"What he found was that in some network code, there was a procedure that included a variable that could be set to NULL (no value at all). Now, this didn't appear to be a problem because the programmer also included a test which would return an error-message if the variable turned out to have a NULL value.

"So far, so good. Unfortunately, the gcc code optimizer on finding that a variable has been assigned a NULL value removed the test! This left a hole, that didn't exist in the original program. Using this hole, and code provided by Spengler, any cracker with sufficient access to a Linux computer could get into the computer's memory and, from there, get into all kinds of mischief."

Complete Story

Related Stories: