From owner-cvs-all Mon Nov 29 14:39:50 1999
Delivered-To: cvs-all@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP id 4647814F3C;
	Mon, 29 Nov 1999 14:39:47 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id OAA11977;
	Mon, 29 Nov 1999 14:39:46 -0800 (PST)
	(envelope-from dillon)
Date: Mon, 29 Nov 1999 14:39:46 -0800 (PST)
From: Matthew Dillon
Message-Id: <199911292239.OAA11977@apollo.backplane.com>
To: Kris Kennaway
Cc: Dan Moschuk, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

:> to increment when I look at 'ps' and 'jobs -l' output just as a
:> double check, and I'm sure other people do too.
:
:The big thing which randomized pids gives you is protection against
:tempfile guessing (e.g. /tmp/foo). We can't fix all of those bugs
:because they exist in a lot of third party code, including code without
:source.
:
:Kris

    Not really.  Example:  fork/exec an suid program.  You now know what the
    pid is (the return value of the fork).  There is no need to guess, and a
    randomized pid won't help you.  In fact, you can TSTP the program
    relatively easily since you are probably still the controlling terminal.
    You can effectively exploit the window even without TSTPing or STOPing
    the program.

    The only time a randomized pid would help you is with historical cron
    root-run code.  But all of those holes have been fixed (we believe).

					-Matt
					Matthew Dillon
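
Added example, not part of the message above and not FreeBSD source: it shows that the parent derives a child's pid-based temp name from fork()'s return value with no guessing, and that an exclusive create refuses a path that already exists. The helper names, the foo.<pid> pattern and the scratch directory under /tmp are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fragile pattern under discussion: a temp name built only from the pid. */
static void pid_name(char *buf, size_t n, const char *dir, pid_t pid) {
    snprintf(buf, n, "%s/foo.%ld", dir, (long)pid);
}

/* Returns 1 if the name the parent builds from fork()'s return value equals
 * the name the child builds from getpid(). Creates no files. */
int parent_knows_child_name(const char *dir) {
    int p[2]; char mine[128], theirs[128] = "";
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* child reports its own name */
        pid_name(mine, sizeof mine, dir, getpid());
        _exit(write(p[1], mine, strlen(mine) + 1) < 0);
    }
    close(p[1]);
    if (read(p[0], theirs, sizeof theirs - 1) < 0) theirs[0] = '\0';
    close(p[0]);
    waitpid(pid, NULL, 0);
    pid_name(mine, sizeof mine, dir, pid); /* pid allocation order is irrelevant */
    return strcmp(mine, theirs) == 0;
}

/* Returns 1 if O_CREAT|O_EXCL fails with EEXIST when something already sits
 * at the predictable path (POSIX gives the same result for a symlink). */
int excl_refuses_preexisting(void) {
    char dir[] = "/tmp/pidname.XXXXXX", path[128];   /* constructed scratch dir */
    if (!mkdtemp(dir)) return -1;
    pid_name(path, sizeof path, dir, getpid());
    int first = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);  /* file already there */
    int second = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600); /* later creator */
    int ok = first >= 0 && second == -1 && errno == EEXIST;
    if (first >= 0) close(first);
    unlink(path); rmdir(dir);
    return ok;
}

int main(void) {
    printf("parent derives child's name: %d\n", parent_knows_child_name("/tmp"));
    printf("O_EXCL refuses existing path: %d\n", excl_refuses_preexisting());
    return 0;
}
```

mkstemp(3) combines the same exclusive create with a name that does not depend on the pid.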