From owner-cvs-all  Mon Nov 29 13:44:45 1999
Delivered-To: cvs-all@freebsd.org
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9EF5E1541E; Mon, 29 Nov 1999 13:44:34 -0800 (PST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id XAA12568;
	Mon, 29 Nov 1999 23:44:25 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <199911292144.XAA12568@gratis.grondar.za>
To: Matthew Dillon <dillon@apollo.backplane.com>
Cc: Dan Moschuk <dan@FreeBSD.org>, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h 
Date: Mon, 29 Nov 1999 23:44:24 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

>     Randomizing is a relatively 'weak' security fix, especially in light of
>     the severe restrictions on both pid and port number ranges.  Even with
>     a good random number generator.  I don't particularly see why it should
>     be imposed on everyone.  And, frankly, I *use* the fact that pid's tend
>     to increment when I look at 'ps' and 'jobs -l' output just as a 
>     double check, and I'm sure other people do to.

I reckon this point on its own is a good case for making random
pids an option; this can always be inexpensively undone later.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message