Linux Today: Linux News On Internet Time.

A Linux security story

Jul 17, 2009, 19:32
(Other stories by Steven J. Vaughan-Nichols)

[ Thanks to Steven J. Vaughan-Nichols for this link. ]

"But, and from a technical standpoint this is where it gets interesting, the programmer's code that does this looks innocent. It's only after the gcc compiler takes this into its hands, while optimizing the code, that the compiler sees that the variable has already been assigned and will actually remove the if block (the check if tun is NULL) completely from the resulting compiled code. In other words, the compiler will introduce the vulnerability into the binary code, which didn't exist in the source code. This will cause the kernel to try to read/write data from 0x00000000, which the attacker can map to userland - and this finally pwns the box."

"Scary, isn't it? You see, because it's working at such a low level, this vulnerability can be used to dodge around SELinux (Security Enhanced Linux), AppArmor and other Linux security programs."
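As an added illustration, not code from Vaughan-Nichols' article or from the kernel, the constructed C below reproduces the shape of the bug quoted above: a pointer is dereferenced before it is tested for NULL. Because dereferencing NULL is undefined behaviour, an optimizing compiler may infer the pointer cannot be NULL at the check and delete the check entirely. The struct definitions are stand-ins for the kernel's own, and poll_vulnerable, poll_fixed and the sample data are hypothetical names introduced here.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel structures involved; not the real layouts. */
struct sock {
    int flags;
};

struct tun_struct {
    struct sock *sk;
};

/*
 * Same ordering as the buggy driver code: the pointer is dereferenced
 * (tun->sk) before it is tested. Since a NULL dereference is undefined
 * behaviour, gcc at -O2 may treat "tun != NULL" as already established and
 * remove the if block, so the compiled function reads offset 0 of address 0
 * unconditionally. Inspect with:  gcc -O2 -S this_file.c  and look for a
 * test/cmp against zero in poll_vulnerable; it is typically absent.
 * -fno-delete-null-pointer-checks stops gcc from deleting such checks,
 * but it is a mitigation, not a fix.
 */
int poll_vulnerable(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;   /* dereference first ...                  */
    if (!tun)                    /* ... check second: eligible for removal  */
        return -1;
    return sk->flags;
}

/* Hardened form: test the pointer before touching anything it points to. */
int poll_fixed(struct tun_struct *tun)
{
    if (!tun)
        return -1;
    return tun->sk->flags;
}

/* Constructed sample data so both functions can be exercised on valid input. */
struct sock sample_sock = { .flags = 5 };
struct tun_struct sample_tun = { .sk = &sample_sock };

int main(void)
{
    printf("poll_fixed(valid)      = %d\n", poll_fixed(&sample_tun));
    printf("poll_fixed(NULL)       = %d\n", poll_fixed(NULL));
    printf("poll_vulnerable(valid) = %d\n", poll_vulnerable(&sample_tun));
    /* poll_vulnerable(NULL) is deliberately not called: it is undefined
     * behaviour and, in the kernel, is exactly the read from 0x00000000
     * the quoted text describes. */
    return 0;
}
```

Only poll_fixed is safe to call with NULL; the vulnerable variant is left uncalled on that input because its behaviour is undefined and depends on what the optimizer did. The point of the example is that both functions read identically at the source level apart from statement order, which is why the defect is invisible to a reviewer looking only for a missing check.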

