Linux Today: Linux News On Internet Time.

More on LinuxToday

Fixing Linux

Aug 20, 2009, 20:04 (0 Talkback[s])
(Other stories by Steven J. Vaughan-Nichols)


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

[ Thanks to Steven J. Vaughan-Nichols for this link. ]

"What he found was that in some network code, there was a procedure that included a variable that could be set to NULL (no value at all). Now, this didn't appear to be a problem because the programmer also included a test which would return an error-message if the variable turned out to have a NULL value.

"So far, so good. Unfortunately, the gcc code optimizer on finding that a variable has been assigned a NULL value removed the test! This left a hole, that didn't exist in the original program. Using this hole, and code provided by Spengler, any cracker with sufficient access to a Linux computer could get into the computer's memory and, from there, get into all kinds of mischief."

Complete Story

Related Stories: