
A Bug Hunter's Diary by Tobias Klein


3.4 Lessons Learned

As a programmer:

  • Always define proper error conditions.

  • Always validate return values correctly.

  • Not all kernel NULL pointer dereferences are simple denial-of-service conditions. Some of them are really bad vulnerabilities that can lead to arbitrary code execution.
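The first two lessons fit together: a lookup routine that has no error condition for "not found" hands its caller a NULL pointer along with a success code. The following user-space C sketch is an added example, not code from the book or from Solaris; the `iface` table and all function names are hypothetical, and it shows the flawed contract beside a hardened one.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample data: a hypothetical interface table. */
struct iface { const char *name; int mtu; };
static struct iface table[] = { {"net0", 1500}, {"net1", 9000} };
#define NIFACE (sizeof(table) / sizeof(table[0]))

/* Flawed contract: "no match" falls through and returns 0 (success)
 * with *out left NULL, so a caller that checks only the return value
 * goes on to dereference NULL. */
int lookup_unsafe(const char *name, struct iface **out)
{
    *out = NULL;
    if (name == NULL)
        return EINVAL;
    for (size_t i = 0; i < NIFACE; i++)
        if (strcmp(table[i].name, name) == 0)
            *out = &table[i];
    return 0;               /* missing error condition for "no match" */
}

/* Hardened contract: every failure has its own non-zero code, and a
 * return of 0 guarantees that *out points at a valid entry. */
int lookup_safe(const char *name, struct iface **out)
{
    *out = NULL;
    if (name == NULL)
        return EINVAL;
    for (size_t i = 0; i < NIFACE; i++) {
        if (strcmp(table[i].name, name) == 0) {
            *out = &table[i];
            return 0;
        }
    }
    return ENOENT;
}

/* Caller validates the return value and the pointer before use.
 * Returns the MTU, or a negative errno value on failure. */
int get_mtu(const char *name)
{
    struct iface *ifp = NULL;
    int err = lookup_safe(name, &ifp);
    if (err != 0 || ifp == NULL)
        return err != 0 ? -err : -EFAULT;
    return ifp->mtu;
}
```
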

As a system administrator:

  • Don’t blindly trust zones, compartments, fine-grained access controls, or virtualization. If there is a bug in the kernel, there’s a good chance that every security feature can be bypassed or evaded. And that’s true not only for Solaris Zones.
