From owner-cvs-all Mon Nov 29 15:44:47 1999
Delivered-To: cvs-all@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 00FF014DE5; Mon, 29 Nov 1999 15:44:43 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id PAA12574; Mon, 29 Nov 1999 15:44:41 -0800 (PST) (envelope-from dillon)
Date: Mon, 29 Nov 1999 15:44:41 -0800 (PST)
From: Matthew Dillon
Message-Id: <199911292344.PAA12574@apollo.backplane.com>
To: Warner Losh
Cc: Kris Kennaway, Dan Moschuk, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
References: <199911292239.OAA11977@apollo.backplane.com> <199911292335.QAA97810@harmony.village.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

:I don't think this is true. There are tmp file races with things like
:gcc which would allow one to insert arbitrary code into a file being
:compiled, should one wish to do so and can guess things. At least
:there used to be, I don't know if this is the case still. When you
:are racing others on the system w/o this change you had a small range
:of pids to choose from. After this change there is a large range.
:Some of the races are to overwrite an arbitrary file on the system,
:while others are to provide bad data to a process running under a
:different uid to do bad things to that uid...
:
:Warner

Do you want another example? Fine, then how about this: /proc is publicly readable. You can obtain a list of pid's from that, figure out which one is new, and still win the race. You see? Randomizing pid's is *very* weak security.

-Matt
Matthew Dillon

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
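The point both posters circle around is that the weakness is the predictable temp-file name (something like cc<pid>.s) combined with a non-exclusive open, not the width of the pid space. The following is an added example, not code from the thread or from gcc: it builds such a name in a private scratch directory (the cc<pid>.s pattern and the directory name are constructed for illustration), stages a file there first, and shows that an O_CREAT|O_TRUNC open silently reuses it while an O_CREAT|O_EXCL open refuses it with EEXIST, which is what makes the race unwinnable regardless of how pids are assigned.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Name of the form <dir>/cc<pid>.s: once the pid is known (ps, /proc, or a
 * small pid range), the file name is known too. Constructed pattern. */
int predictable_tmp_name(char *buf, size_t len, const char *dir, pid_t pid) {
    return snprintf(buf, len, "%s/cc%ld.s", dir, (long)pid);
}

/* Weak pattern: O_CREAT without O_EXCL opens (and truncates) whatever already
 * sits at that name, whoever put it there. */
int open_tmp_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: O_EXCL makes creation atomic and O_NOFOLLOW refuses a
 * symlink; a name that is already taken fails with EEXIST instead of being
 * reused. (mkstemp() gives the same guarantee plus an unguessable suffix.) */
int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario: stage a pre-existing file at the predictable name and
 * see how each opener reacts. Returns 1 if the weak open reused the file while
 * the exclusive open refused it with EEXIST, 0 otherwise, -1 on setup error. */
int race_outcome(void) {
    char dir[] = "/tmp/pidrace.XXXXXX";   /* private scratch directory */
    char path[256];
    int result = -1;
    if (mkdtemp(dir) == NULL) return -1;
    predictable_tmp_name(path, sizeof path, dir, getpid());

    int staged = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (staged >= 0) {
        close(staged);
        int weak = open_tmp_weak(path);        /* succeeds: silently reused */
        int excl = open_tmp_exclusive(path);   /* fails: EEXIST */
        int excl_errno = errno;
        result = (weak >= 0 && excl < 0 && excl_errno == EEXIST) ? 1 : 0;
        if (weak >= 0) close(weak);
    }
    unlink(path);
    rmdir(dir);
    return result;
}
```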