Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
From: jf <jf () danglingpointers net>
Date: Fri, 27 Feb 2009 13:39:31 +0000 (UTC)

I'm didn't even comment on Mark's paper, it is definitely a great piece of
research, there is no doubt. It's just that some people have read this paper
and thought, wow, all those NULL bugs are now exploitable. It's important to
separate these bug classes.

sorry to interrupt your self-aggrandizing tirade, however you're the only
one who took the implication that *all* null ptr related bugs are
exploitable-- i never implied or said that, just said in some instances
they can be. Furthermore, I think you're taking the word 'dereference' a
little too serious and you should perhaps take up a hobby such as baseball
cards or miniature collectibles to quench you're apparent need to
sub-categorize into nothing. If you want to insist that null+x/etc bugs be
in an entirely separate category than dereferences, that's cool, just don't
go all ape-shit on people who dont share your same narrow view at
some feeble attempt at elitism via syntactic pedantry.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]