should we consider adding a null dereference mitigation requirement

commoncriteria / operatingsystem

Protection Profile for Operating Systems

The Unlicense

9 stars 6 forks source link

should we consider adding a null dereference mitigation requirement #51

Closed bourdett closed 9 years ago

bourdett commented 9 years ago

FPT_NULL_EXT.1.1 The OS shall allocation the first 4k of memory starting at address zero and mark the memory as read only.

App Note: By having the OS allocate the first 4k of memory as read only, it will prevent any malicious code from having the chance to allocate that memory and possible trigger a null dereference attack.

ajcousi commented 9 years ago

This does feel like a decent anti exploitation mechanism that I'd think any reasonable OS should be doing these days.

Is there an easy way to check - other than write some code that tries to access the null page?

jeffblank commented 9 years ago

Not this version.