Andrew C. Myers. “JFlow: practical mostly-static information flow control”. In Principles of Programming Languages (POPL), pages 228–241, San Antonio, TX, USA, January 1999. [ACM]

Rob Johnson and David Wagner. “Finding user/kernel pointer bugs with type inference”. In USENIX Security Symposium, pages 119–134, San Diego, CA, USA, August 2004. [USENIX]
Question: In user-space programs, erroneous attempts to use a null pointer are not usually very serious security problems, because doing so causes the program to terminate immediately. (The worst this could be described as in security terms is a "denial of service".) However, uses of a null pointer are more serious problems in an OS kernel. Why is this? Three things you could imagine a kernel doing with a null pointer are reading through it, writing through it, or jumping to it (treating it as a function pointer). Which of these is most likely to be a security vulnerability?