Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
09-04-2014, 01:07 AM
|
#1
|
LQ Newbie
Registered: Nov 2013
Posts: 3
Rep: 
|
How to get rid of null pointer dereference...
Hi,
Few days back done some security audit.In audit report found one thing i.e,[FAIL] nullpointer -- Tests for the null pointer dereference vulnerability.
how to find where i'm getting this problem?how to solve it.
Please suggest me.
thanks,
Raghu.
|
|
|
09-04-2014, 07:18 AM
|
#2
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,961
|
What did you run to get that report? That makes little or no sense to me, and here's why.
It appears to be a program problem versus a security issue. A NULL pointer, is referencing address 0x00000000.
In operating systems that is an invalid address because it's typically the start vector for the CPU.
If code branches or jumps to that location, that typically ends up resetting your processor. That would be "session catastrophic" (my invented term) because it restarts your computer. I don't feel that it is damaging with the exception that any open programs and their associated data are lost. The equivalent is if you force a reboot at an inopportune time; or if you lose power on a system that doesn't have a battery. Bummer, but not the end of the world.
If a program attempts to access a NULL address location; for instance it has a pointer to some data and that pointer happens to be corrupted to be NULL, then what happens is a software exception, which means the program attempted to access an illegal memory location. Similar to when you have a program that crashes where it goes from working, to suddenly either just gone, or popping up a fault screen and giving you the option to go to a debugger. This is almost always a software bug in that particular program. Again, not IMHO a security breach of any type. In fact, I'm wondering if the software which ran to perform this audit was the program which had an address exception fault and that's the report you're seeing.
The other variation is my less than gratuitous opinion that some "security audit", pardon my phrase "crapware" gives the operator these elusively, onerous sounding terms, thus raising your concern antenna. I also do wonder if it is Malware of some type. Any chance this all happened as part of a pop up from a browser?
|
|
|
09-04-2014, 07:36 AM
|
#3
|
LQ Addict
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 24,513
|
would be nice to ask them to explain the source (origin) of that message. Without additional info it has no any real meaning. (What was checked at all, how, ....)
Something was wrong somewhere....
|
|
|
09-04-2014, 08:00 AM
|
#4
|
LQ Guru
Registered: Dec 2007
Distribution: Centos
Posts: 5,286
|
A google search of the key phrase gets a lot of hits, most of which give unsupported claims about the issue with no real information. That seems to be a technique for selling security services (exaggerated and confusing claims about vulnerabilities without info to back it up).
I found one page with a decent explanation of an issue with that same description. That is not necessarily the only issue with that description, just the only one I could find explained:
http://www.kb.cert.org/vuls/id/650142
That example (and most of the other unexplained ones) are potential "denial of service" vulnerabilities, meaning someone outside can cause a program running on your system to crash. It does not mean they can steal your data or take over control of your system, just make something on your system crash.
It is very clear that this vulnerability provides a way for a malicious web site to cause your browser to crash. But I consider that too trivial to worry about. When a malicious web site causes your browser to crash you just restart your browser and avoid that site.
A more serious "denial of service" would be if a malicious browser could cause your web site to crash. I don't see anything in any of the descriptions I found with google that would make me believe this vulnerability acts in that direction. But I don't see enough detail to rule that out.
So far as getting rid of it, you need to update the package in which the problem was found to one new enough that the problem is fixed. It is not something you can fix yourself other than by getting the newer version after the package maintainer has fixed it.
Edit: I found a slight less explained but more serious issue with the same phrase in its description:
http://xforce.iss.net/xforce/xfdb/91985
That sounds like it would let a hostile local user crash the whole system. I don't know if you have users who have been given the right to compile and run their own programs, who also might be malicious. I am more used to an environment where outside users cannot compile or run their own programs and inside users are not malicious.
There does seem to be a patch available if that one is the issue you are worried about.
Last edited by johnsfine; 09-04-2014 at 08:11 AM.
|
|
|
09-04-2014, 09:38 AM
|
#5
|
Senior Member
Registered: Nov 2004
Distribution: Mint, MX, antiX, SystemRescue
Posts: 2,337
|
If you want to read from a null pointer, more power to you. It's a useless thing to do, and you will read garbage, but you won't hurt anything. Other than possibly making your program go brain-dead and crash, depending on how well, or how poorly, you wrote the program.
Now, if you try to WRITE to the null pointer, that would be writing to someplace you shouldn't be. I think most, if not all, OS'es these days will prevent this operation. That wasn't the case back "in the old days". I have imcompetantly written to many nulls pointers in my decades long career, with disasterous results sometimes (crash the system). But the box would reboot back just fine, and other than the disturbance of having crashed the thing, no harm done (although the potential for harm - maybe a corrupted filesystem from the crash - obviously exists).
I guess I did have ONE instance of badness from reading the null pointer. I remember a C program, running as root on a System V box, that I diagnosed eventually as reading from the null pointer. Problem was, that program was running as root, and passed the results of the null pointer read to "kill". It was supposed to be pointing to a process id. Well, I guess it was, randomly, but apparently that "process id" happened to be "1" or something else equally as bad. The box came down rather fast and unexpectedly!
|
|
|
All times are GMT -5. The time now is 12:25 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|