> These programs were using the child process PID + a Unix timestamp as
> seed.

Such patterns are the problem. End of story, really.

> OpenBSD, as a security conscious OS, has already implemented a
> protection against such exploits (cool :) !), but I'm surprised by the
> technical choices made here (less cool :( ). The protection has been
> added in the revision 1.150 (mid-2013) of the file
> `src/sys/kern/kern_fork.c'. It adds an array of a fixed and hardcoded
> size of 100 entries storing the lastly freed PIDs (`pid_t
> oldpids[100];').

That is not a protection; actually more of a strategy to deal with badly written code so that the ports guys don't lose their hair as quickly.

> I was wondering why this has never been implemented? At the first
> glance, this seems to be the safe and best way to do it, isn't it?

The safe way is to avoid use of such deterministic non-random functions, and for the good of the community go on attack against the remaining places they are used.

deterministic(seed) is not random.
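To make the last point concrete, here is an added example (not code from this thread or from OpenBSD) that puts the quoted PID + timestamp seeding next to a read from the kernel CSPRNG; the sample PID, the sample timestamp and the use of /dev/urandom instead of arc4random_buf() are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>

/* Weak pattern quoted in the thread: seed libc's rand() with PID + timestamp.
 * Whoever knows the PID and the second the process started can regenerate
 * exactly the same "random" bytes, which is what deterministic(seed) means. */
static void weak_fill(unsigned char *buf, size_t n, pid_t pid, time_t ts)
{
    srand((unsigned)pid + (unsigned)ts);
    for (size_t i = 0; i < n; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
}

/* Sound alternative: draw from the kernel CSPRNG. On OpenBSD the idiomatic
 * call is arc4random_buf(); /dev/urandom is read here so the example also
 * builds on other Unix-likes (assumption). Returns 0 on success, -1 on failure. */
static int strong_fill(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* 1 if two runs sharing a PID and a start second (the recycled-PID case the
 * oldpids[] array only makes less likely) get byte-identical weak output. */
int weak_output_is_reproducible(void)
{
    unsigned char a[16], b[16];
    pid_t pid = 12345;       /* constructed sample PID */
    time_t ts = 1371700000;  /* constructed sample Unix time */
    weak_fill(a, sizeof a, pid, ts);
    weak_fill(b, sizeof b, pid, ts);
    return memcmp(a, b, sizeof a) == 0;
}

/* 1 if two CSPRNG draws differ, 0 if identical, -1 if the device was unreadable. */
int strong_output_differs(void)
{
    unsigned char a[16], b[16];
    if (strong_fill(a, sizeof a) != 0 || strong_fill(b, sizeof b) != 0)
        return -1;
    return memcmp(a, b, sizeof a) != 0;
}
```

weak_output_is_reproducible() returns 1 on any libc, and the oldpids[] change cannot alter that: it only influences which PID a child receives, not how a program turns that PID into a seed.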