Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 29 Nov 1999 14:33:09 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Dan Moschuk <dan@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Message-ID:  <Pine.BSF.4.21.9911291431310.19254-100000@hub.freebsd.org>
In-Reply-To: <199911292135.NAA09413@apollo.backplane.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 29 Nov 1999, Matthew Dillon wrote:

>     Randomizing is a relatively 'weak' security fix, especially in light of
>     the severe restrictions on both pid and port number ranges.  Even with
>     a good random number generator.  I don't particularly see why it should
>     be imposed on everyone.  And, frankly, I *use* the fact that pid's tend
>     to increment when I look at 'ps' and 'jobs -l' output just as a 
>     double check, and I'm sure other people do to.

The big thing which randomized pids gives you is protection against
tempfile guessing (e.g. /tmp/foo<pid>). We can't fix all of those bugs
because they exist in a lot of third party code, including code without
source.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.9911291431310.19254-100000>