On Wed, May 27, 2015 at 02:34:43PM +0200, Simon wrote:
> On 2015-05-27 11:53, Fred wrote:
> >On 05/27/15 10:18, Simon wrote:
> >>On 2015-05-26 16:25, Theo de Raadt wrote:
> >>>
> >>>A 16 bit PID is supposed to provide true safety?
> >>>
> >>>Please.
> >>>
> >>>The problem is people who believe that shoving a 16 bit value into
> >>>a deterministic function gets them somewhere.
> >>
> >>So do you confirm that random PID is actually not a security measure?
> >>
> >>It is often presented as is, but it would not be the first time that
> >>some wrong rumors get widespread enough to become accepted as a truth by
> >>most people.
> >>
> >>I could also easily imagine that PID have been randomized just because
> >>it was allowed to do so and that it was interesting from the coding
> >>perspective as showing up software bugs that sequential PID would hardly
> >>uncover (I'm mainly referring here to Ted Unangst's talk:
> >>http://www.openbsd.org/papers/dev-sw-hostile-env.html, see
> >>"randomization" section, backed by the "philosophy" section: "The sooner
> >>we can break it, the sooner we can fix it").
> >>
> >
> >Having PIDs that are not easily predictable helps to reduce the attack
> >surface.
> >
> >IMO that is a security measure, but YMMV.
> >
> >Fred
>
> There is a difference between having random PIDs and having PIDs which are
> not easily predictable.
>
> For instance, dividing the 16 bits of the PID to make the 8 lower bits as a
> counter and 8 higher bits as a random value would provide both not easily
> predictable and not quickly reused PIDs.
>
> However, minor the 100 items array, OpenBSD uses random PIDs. While it
> indeed reduces the attack surface against PID predictions (mostly local
> exploits) it facilitates attacks relying on PID reuse (includes remote
> exploits, so attacks with higher risk than local exploits).
>
> So all in all I'm not convinced at all that using random PIDs reduces the
> attack surface, I was actually worrying if it may not be actually counter
> productive in terms of security.
>

Please go troll somewhere else. Software that breaks if a PID is reused too
soon is inherently broken and the operating system should not try to
protect these broken programs. Please put your effort into fixing those
broken programs instead of spreading FUD here.

-- 
:wq Claudio
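
Added example, not part of the thread and not OpenBSD code: a toy C model that measures the shortest PID reuse distance under the two schemes contrasted in the quoted text (random PIDs with a 100-entry recently-used array, and random high byte with a counter in the low byte). It assumes no live processes; all function names, the PRNG and its seed are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define NPID   65536  /* 16-bit PID space, as discussed in the thread */
#define RECENT 100    /* the thread's "100 items array"; a model assumption */
/* xorshift32: simulation-only PRNG with a constructed seed, not a CSPRNG. */
static uint32_t rs = 0x2545F491u;
static uint32_t rng(void) {
    rs ^= rs << 13; rs ^= rs >> 17; rs ^= rs << 5;
    return rs;
}

/* Model A: uniform random PID, redrawn if among the last RECENT issued. */
static uint16_t recent[RECENT];
static unsigned recent_n, recent_pos;
static uint16_t alloc_random(void) {
    for (;;) {
        uint16_t pid = (uint16_t)(rng() & 0xffff);
        unsigned i = 0;
        while (i < recent_n && recent[i] != pid)
            i++;
        if (i < recent_n)
            continue;                    /* recently issued: draw again */
        recent[recent_pos] = pid;
        recent_pos = (recent_pos + 1) % RECENT;
        if (recent_n < RECENT)
            recent_n++;
        return pid;
    }
}
/* Model B: high 8 bits random, low 8 bits a wrapping counter. */
static uint8_t counter;
static uint16_t alloc_split(void) {
    return (uint16_t)(((rng() & 0xff) << 8) | counter++);
}

/* Fewest allocations between two issues of one PID over n draws (-1: none). */
static long min_reuse_distance(uint16_t (*alloc)(void), long n) {
    long last[NPID] = {0};               /* draw number of last issue; 0 = never */
    long best = -1;
    for (long t = 1; t <= n; t++) {
        uint16_t pid = alloc();
        if (last[pid] && (best < 0 || t - last[pid] < best))
            best = t - last[pid];
        last[pid] = t;
    }
    return best;
}
int main(void) {
    printf("random + recent array:     %ld\n", min_reuse_distance(alloc_random, 200000));
    printf("random high / counter low: %ld\n", min_reuse_distance(alloc_split, 200000));
}
```

In this model the first scheme can never reissue a PID within 100 allocations and the second never within 255; neither bound says anything about how long a PID stays unused in wall-clock time on a busy system.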