Date: Mon, 29 Nov 1999 01:21:13 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Sheldon Hearn <sheldonh@uunet.co.za>
Cc: Dan Moschuk <dan@FreeBSD.ORG>, freebsd-audit@FreeBSD.ORG
Subject: Re: New Random PID patch using arc4 available
Message-ID: <Pine.BSF.4.21.9911290115240.32858-100000@hub.freebsd.org>
In-Reply-To: <21954.943862700@axl.noc.iafrica.com>

On Mon, 29 Nov 1999, Sheldon Hearn wrote:

> Could you explain the problems involved with linear PID allocation? If
> it's already been explained in published notes, just a reference to
> those notes would be great.

One of the things it (neatly) solves is predictable PID-based tempfile
naming - a lot of code out there likes to blindly create tempfiles using
foo.<pid>, perhaps with a few random characters added. In many cases with
a linear PID model you can exploit this by "mining" the tempdir with a few
hundred symlinks, hoping the process will pick one of the names and follow
it into damnation.

The proper fix is to use mkstemp() with lots of X's and make sure you
don't have any race conditions in your tempfile handling, but this helps a
lot.

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
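
The failure mode described in the message above, next to the mkstemp() fix it names, as an added example that is not part of the original e-mail. The private demo directory, the file names and the helper functions are constructed for this illustration; everything happens inside a directory the program creates and removes itself.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern from the message: the name is derived from the PID and opened
 * blindly. O_CREAT without O_EXCL follows a symlink that is already there. */
static int open_pid_named(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/foo.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fix named in the message: mkstemp() picks the name and creates the file
 * exclusively, so a name that already exists is never reused or followed. */
static int open_with_mkstemp(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/foo.XXXXXXXXXX", dir);
    return mkstemp(path);
}

/* Plants a symlink at the predictable name (constructed setup), opens a temp
 * file with the chosen method; 1 = victim truncated, 0 = intact, -1 = error. */
static int victim_clobbered(int use_mkstemp) {
    char dir[] = "/tmp/pidtmp-demo.XXXXXX", victim[128], lnk[128], path[128];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/foo.%ld", dir, (long)getpid());
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0 || write(vfd, "important", 9) != 9) return -1;
    close(vfd);
    if (symlink(victim, lnk) != 0) return -1;   /* the "mined" name */
    int fd = use_mkstemp ? open_with_mkstemp(dir, path, sizeof path)
                         : open_pid_named(dir, path, sizeof path);
    if (fd >= 0) close(fd);
    if (stat(victim, &st) != 0) return -1;
    int clobbered = (st.st_size == 0);          /* O_TRUNC went through the link */
    if (use_mkstemp && fd >= 0) unlink(path);
    unlink(lnk); unlink(victim); rmdir(dir);
    return clobbered;
}

int main(void) {
    printf("foo.<pid> open clobbered victim: %d\n", victim_clobbered(0));
    printf("mkstemp() open clobbered victim: %d\n", victim_clobbered(1));
    return 0;
}
```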