Date: Wed, 1 Dec 1999 20:51:26 +0100 From: Wolfram Schneider <wosch@panke.de.freebsd.org> To: Kris Kennaway <kris@hub.freebsd.org> Cc: Matthew Dillon <dillon@apollo.backplane.com>, Dan Moschuk <dan@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h Message-ID: <19991201205126.A1137@paula.panke.de.freebsd.org> In-Reply-To: <Pine.BSF.4.21.9911291431310.19254-100000@hub.freebsd.org>; from kris@hub.freebsd.org on Mon, Nov 29, 1999 at 02:33:09PM -0800 References: <199911292135.NAA09413@apollo.backplane.com> <Pine.BSF.4.21.9911291431310.19254-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1999-11-29 14:33:09 -0800, Kris Kennaway wrote: > On Mon, 29 Nov 1999, Matthew Dillon wrote: > > > Randomizing is a relatively 'weak' security fix, especially in light of > > the severe restrictions on both pid and port number ranges. Even with > > a good random number generator. I don't particularly see why it should > > be imposed on everyone. And, frankly, I *use* the fact that pid's tend > > to increment when I look at 'ps' and 'jobs -l' output just as a > > double check, and I'm sure other people do to. > > The big thing which randomized pids gives you is protection against > tempfile guessing (e.g. /tmp/foo<pid>). We can't fix all of those bugs > because they exist in a lot of third party code, including code without > source. mount -u -o nosymfollow /tmp is your friend ... -- Wolfram Schneider <wosch@freebsd.org> http://wolfram.schneider.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991201205126.A1137>