Date:      Mon, 29 Nov 1999 18:29:34 -0700
From:      Warner Losh <imp@village.org>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h 
Message-ID:  <199911300129.SAA98529@harmony.village.org>
In-Reply-To: Your message of "Mon, 29 Nov 1999 15:44:41 PST." <199911292344.PAA12574@apollo.backplane.com> 
References:  <199911292344.PAA12574@apollo.backplane.com>  <199911292239.OAA11977@apollo.backplane.com> <Pine.BSF.4.21.9911291431310.19254-100000@hub.freebsd.org> <199911292335.QAA97810@harmony.village.org> 

In message <199911292344.PAA12574@apollo.backplane.com> Matthew Dillon writes:
:     Do you want another example?  Fine, then how about this:  /proc is 
:     publicly readable.  You can obtain a list of pid's from that,
:     figure out which one is new, and still win the race.
: 
:     You see?  Randomizing pid's is *very* weak security.

It increases the amount of work needed to find out the pid in question.
This reduces the chances of winning the race to create the symbolic
links.  The sequential pids make this sort of attack trivial.  An
attacker, in the case of the recent make -j problem, could guess
several files ahead and sprinkle them before make even forked off its
jobs.  With random pids, an attacker cannot do that and must grovel in
/proc for valuable micro/milliseconds and will be less likely to win
the race that is here.  The window is harder to hit, but it is still
possible.  It isn't a perfect solution.  However, it isn't a "very
weak" security.  It is better than sequential pids.

This is the main reason that we'd like to use mkstemp everywhere,
since that ensures that you'll not lose a race.

Warner
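
The contrast drawn in the message above, as an added example that is not part of the original e-mail or of the FreeBSD source: a temporary file named after the pid and opened without O_EXCL follows a symlink that already exists at that name, while mkstemp creates its file exclusively. The function names, the "make." prefix and the private directory under /tmp are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: name derived from the pid, opened without O_EXCL, so an
 * existing symlink at that path is followed. */
int open_pid_named(const char *dir, char *path, size_t n)
{
    snprintf(path, n, "%s/make.%ld", dir, (long)getpid());
    return open(path, O_CREAT | O_WRONLY | O_TRUNC, 0600);
}

/* mkstemp picks the name and creates it with O_CREAT|O_EXCL in one step;
 * a name that already exists (symlink included) is skipped, never opened. */
int open_mkstemp(const char *dir, char *path, size_t n)
{
    snprintf(path, n, "%s/make.XXXXXX", dir);
    return mkstemp(path);
}

/* 1 if fd and path refer to the same inode. */
int same_file(int fd, const char *path)
{
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat(path, &b) != 0) return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Constructed scenario inside a private mkdtemp directory: a symlink already
 * sits at the pid-derived name and points at "other". Returns a bitmask:
 * bit 0 = weak open landed on "other", bit 1 = mkstemp landed on "other". */
int run_demo(void)
{
    char dir[] = "/tmp/pidrace.XXXXXX", other[64], guess[64], p[64];
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(other, sizeof other, "%s/other", dir);
    snprintf(guess, sizeof guess, "%s/make.%ld", dir, (long)getpid());
    if ((fd = open(other, O_CREAT | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    if (symlink(other, guess) != 0) return -1;
    if ((fd = open_pid_named(dir, p, sizeof p)) >= 0) { result |= same_file(fd, other); close(fd); }
    if ((fd = open_mkstemp(dir, p, sizeof p)) >= 0) { result |= same_file(fd, other) << 1; close(fd); unlink(p); }
    unlink(guess); unlink(other); rmdir(dir);
    return result;
}
int main(void) { printf("result=%d\n", run_demo()); return 0; }
```

Where mkstemp cannot be used, opening with O_CREAT | O_EXCL gives the same refusal: the call fails with EEXIST instead of following the link.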


