Re: random PID patch

Tomas Szepe (szepe@pinerecords.com)
Mon, 11 Nov 2002 11:17:57 +0100


> > I've ported my random-PID-patch from 2.2.19 to 2.4.19.
> > It should be downloadable from
> > http://www.vanheusden.com/Linux/fp-2.4.19.patch.gz
> > (or follow the link from
> > http://www.vanheusden.com/Linux/kernel_patches.php3 )
> RSK> hm
> RSK> what's the point of random PIDs?
>
> Sometimes, (well; frequently) programs that create temporary
> files let the filename depend on their PID. A hacker could use
> that knowledge. So if you know that the application that
> you're starting uses the last PID+1, you could make sure that
> that file already exists or create a symlink with that name or
> whatsoever causing the application you're starting to do
> things it's not supposed to. Like forcing suid apps to create
> a file in the startup-scripts dir. or something.

How about I create 2^15 symlinks then?
Really, the only true solution to this problem is to fix the apps.

-- 
Tomas Szepe <szepe@pinerecords.com>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/