On 05/27/15 10:18, Simon wrote:
On 2015-05-26 16:25, Theo de Raadt wrote:
On 2015-05-26 00:10, Miod Vallat wrote:
> It is not the responsibility of the operating system to protect its
> users against software which assumes using the pid as a random source is
> a bright and wise idea.

Isn't this the whole goal of random PIDs, to put a defense at OS level
protecting software against themselves when they make wrong assumption
regarding the PID and use it for wrong purposes?

A 16 bit PID is supposed to provide true safety?

Please.

The problem is people who believe that shoving a 16 bit value into
a deterministic function gets them somewhere.

So do you confirm that random PID is actually not a security measure?

It is often presented as is, but it would not be the first time that
some wrong rumors get widespread enough to become accepted as a truth by
most people.

I could also easily imagine that PIDs have been randomized just because
it was allowed to do so and that it was interesting from the coding
perspective as showing up software bugs that sequential PIDs would hardly
uncover (I'm mainly referring here to Ted Unangst's talk:
http://www.openbsd.org/papers/dev-sw-hostile-env.html, see
"randomization" section, backed by the "philosophy" section: "The sooner
we can break it, the sooner we can fix it").


Having PIDs that are not easily predictable helps to reduce the attack surface.

IMO that is a security measure, but YMMV.

Fred
