From owner-freebsd-bugs Tue Nov 3 23:30:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA07978 for freebsd-bugs-outgoing; Tue, 3 Nov 1998 23:30:00 -0800 (PST) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA07969 for ; Tue, 3 Nov 1998 23:29:59 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id XAA09177; Tue, 3 Nov 1998 23:30:00 -0800 (PST) Received: from diginix.net (diginix.net [206.222.176.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA07094 for ; Tue, 3 Nov 1998 23:24:59 -0800 (PST) (envelope-from ncb@diginix.net) Received: (from root@localhost) by diginix.net (8.8.8/8.8.8) id XAA15378; Tue, 3 Nov 1998 23:26:00 -0600 (CST) (envelope-from ncb) Message-Id: <199811040526.XAA15378@diginix.net> Date: Tue, 3 Nov 1998 23:26:00 -0600 (CST) From: root@diginix.net Reply-To: ncb@attrition.org To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: kern/8570: patch for randomised process id allocation Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 8570 >Category: kern >Synopsis: patch for randomised process id allocation >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Nov 3 23:30:00 PST 1998 >Last-Modified: >Originator: Charlie & >Organization: none >Release: FreeBSD 2.2.7-RELEASE i386 >Environment: i386 FreeBSD 2.2 system. >Description: The incremental nature of current process id allocation can lend itself to a number of potentially serious security problems. This patch allocates a pid using the kernels random() function in libkern. It is nearly the same as OpenBSD's equivalent, only difference being that obsd uses the arc4random() PRNG. >How-To-Repeat: >Fix: *** kern_fork.c.orig Mon Nov 2 22:11:24 1998 --- kern_fork.c Tue Nov 3 21:41:13 1998 *************** *** 53,58 **** --- 53,61 ---- #include #include #include + #include + #include + #include #include #include *************** *** 113,119 **** --- 116,124 ---- int nprocs = 1; /* process 0 */ + static int randompid = 1; /* set to 1 for randomised pids */ static int nextpid = 0; + SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RW, &randompid, 0, ""); static int fork1(p1, flags, retval) *************** *** 124,129 **** --- 129,135 ---- register struct proc *p2, *pptr; register uid_t uid; struct proc *newproc; + struct timeval tv; int count; static int pidchecked = 0; fle_p ep ; *************** *** 174,179 **** --- 180,187 ---- * ready to use (from nextpid+1 through pidchecked-1). */ nextpid++; + if (randompid) + nextpid = PID_MAX; retry: /* * If the process ID prototype has wrapped around, *************** *** 181,188 **** * tend to include daemons that don't exit. */ if (nextpid >= PID_MAX) { ! nextpid = 100; ! pidchecked = 0; } if (nextpid >= pidchecked) { int doingzomb = 0; --- 189,206 ---- * tend to include daemons that don't exit. */ if (nextpid >= PID_MAX) { ! if(randompid) ! { ! microtime(&tv); ! srandom(tv.tv_sec ^ tv.tv_usec); ! nextpid = random() % PID_MAX; ! pidchecked = 0; ! } ! else ! { ! nextpid = 100; ! pidchecked = 0; ! } } if (nextpid >= pidchecked) { int doingzomb = 0; >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message