Re: Non-random PIDs
From: Jason Dixon (jason_at_dixongroup.net)
Date: 08/01/04
Date: Sun, 1 Aug 2004 17:36:36 -0400
To: General Red Hat Linux discussion list <redhat-list@redhat.com>
On Aug 1, 2004, at 5:32 PM, Rik van Riel wrote:
> On Sun, 1 Aug 2004, Jason Dixon wrote:
>
>> I see that there is a maintained random-PID patch for the 2.4 series.
>> The author claims it was rejected by Alan Cox because it was merely
>> "security through obscurity". I'm a little surprised to hear that,
>> but oh well.
>
> It is true, though. The random-PID patch might decrease
> the chance of exploiting a certain bug by a small factor,
> but that's no substitute for actually fixing the bug ...
Obviously, fixing any bugs that could be exploited by this should be
the priority for any responsible developer. Nevertheless, you have to
ask yourself, what advantage is there to generating a pid as pid+1,
rather than via entropy? If all things are equal, I would think that
random PID generation is simply a better design.
--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net