On Wed, Nov 04, 2009 at 02:57:59AM +0100, Claire beuserie wrote:
> Hi,
>
> On Wed, Nov 4, 2009 at 12:58 AM, Theo de Raadt <[email protected]> wrote:
>
> > 2) At least three of our developers were aware of this exploitation
> > method going back perhaps two years before the commit, but we
> > gnashed our teeth a lot to try to find other solutions. Clever
> > cpu architectures don't have this issue because the virtual address
> > spaces are separate, so i386/amd64 are the ones with the big impact.
> > We did think long and hard about tlb bashing page 0 every time we
> > switch into the kernel, but it still does not look attractive from
> > a performance standpoint.
> >
>
> I'm confused.
>
> That came out a bit weird: are you saying you knew about the bug for 2 years
> but did not fix it?

It's not "the bug", it's a class of vulnerabilities that allows exploitation of
a NULL pointer dereference under certain circumstances.
http://packetstorm.linuxsecurity.com/poisonpen/8lgm/ptchown.c is commonly cited
as the oldest public source (1994). Use google for more.

>
>
> c.b-

-- 
Sent from my noname server.
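The class of bugs under discussion only becomes exploitable when an unprivileged process can place its own memory at the lowest page of a shared user/kernel address space, so a kernel NULL pointer dereference lands on user-controlled data. The following probe, added here as an illustration and not part of the thread or of any OpenBSD code, checks whether the running kernel refuses such a mapping. It assumes a POSIX system with mmap(); on Linux the refusal comes from vm.mmap_min_addr and is reported as EPERM (or EACCES under an LSM). Run it as an unprivileged user, since a privileged caller may be allowed to bypass the limit and the answer would then say nothing about ordinary processes.

```c
/* Added example (not from the mailing-list thread): probe whether an
 * unprivileged process may map page zero of its own address space.
 * Assumes POSIX mmap(); the errno values below are the Linux/BSD ones. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* older BSD spelling */
#endif

/* Returns 1 if page zero could be mapped (no low-address mitigation),
 * 0 if the kernel refused the mapping, and -1 if the probe was
 * inconclusive (address already in use, unexpected errno, ...).
 * Any mapping that was created is released before returning, so the
 * caller's address space is left exactly as it was. */
int page_zero_mappable(void)
{
    long pagesize = sysconf(_SC_PAGESIZE);
    if (pagesize <= 0)
        return -1;

    void *p = mmap((void *)0, (size_t)pagesize, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) {
        /* EPERM / EACCES: the kernel enforces a minimum mapping address. */
        if (errno == EPERM || errno == EACCES)
            return 0;
        return -1;
    }
    if (p != (void *)0) {
        /* MAP_FIXED guarantees the address; anything else is inconclusive. */
        munmap(p, (size_t)pagesize);
        return -1;
    }
    munmap(p, (size_t)pagesize);
    return 1;
}

/* Human-readable interpretation of page_zero_mappable()'s result. */
const char *describe_result(int r)
{
    switch (r) {
    case 0:
        return "page zero not mappable: low-address mitigation in effect";
    case 1:
        return "page zero mappable: a kernel NULL dereference would reach "
               "user-controlled memory";
    default:
        return "probe inconclusive";
    }
}

int main(void)
{
    int r = page_zero_mappable();
    printf("%s\n", describe_result(r));
    return r == 0 ? 0 : 1;
}
```

The probe maps at most one page and unmaps it immediately, so it can be dropped into a hardening audit script; a non-zero exit status flags hosts where the mitigation Theo refers to (keeping page 0 out of reach of user mappings) is not in force.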

