From owner-cvs-all Mon Nov 29 14:33:14 1999 Delivered-To: cvs-all@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id EF6AE15466; Mon, 29 Nov 1999 14:33:09 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id DC32F1CD626; Mon, 29 Nov 1999 14:33:09 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Mon, 29 Nov 1999 14:33:09 -0800 (PST) From: Kris Kennaway To: Matthew Dillon Cc: Dan Moschuk , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h In-Reply-To: <199911292135.NAA09413@apollo.backplane.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk On Mon, 29 Nov 1999, Matthew Dillon wrote: > Randomizing is a relatively 'weak' security fix, especially in light of > the severe restrictions on both pid and port number ranges. Even with > a good random number generator. I don't particularly see why it should > be imposed on everyone. And, frankly, I *use* the fact that pid's tend > to increment when I look at 'ps' and 'jobs -l' output just as a > double check, and I'm sure other people do to. The big thing which randomized pids gives you is protection against tempfile guessing (e.g. /tmp/foo). We can't fix all of those bugs because they exist in a lot of third party code, including code without source. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message