Date: Mon, 29 Nov 1999 15:44:41 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Warner Losh <imp@village.org>
Cc: Kris Kennaway <kris@hub.freebsd.org>, Dan Moschuk <dan@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Message-ID: <199911292344.PAA12574@apollo.backplane.com>
References: <199911292239.OAA11977@apollo.backplane.com> <Pine.BSF.4.21.9911291431310.19254-100000@hub.freebsd.org> <199911292335.QAA97810@harmony.village.org>

:I don't think this is true. There are tmp file races with things like
:gcc which would allow one to insert arbitrary code into a file being
:compiled, should one wish to do so and can guess things. At least
:there used to be, I don't know if this is the case still. When you
:are racing others on the system w/o this change you had a small range
:of pids to choose from. After this change there is a large range.
:Some of the races are to overwrite an arbitrary file on the system,
:while others are to provide bad data to a process running under a
:different uid to do bad things to that uid...
:
:Warner

Do you want another example? Fine, then how about this: /proc is
publicly readable. You can obtain a list of pids from that, figure
out which one is new, and still win the race.

You see? Randomizing pids is *very* weak security.

-Matt
Matthew Dillon
<dillon@backplane.com>