Date: Tue, 3 Nov 1998 23:26:00 -0600 (CST)
From: root@diginix.net
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: kern/8570: patch for randomised process id allocation
Message-ID: <199811040526.XAA15378@diginix.net>
>Number: 8570
>Category: kern
>Synopsis: patch for randomised process id allocation
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 3 23:30:00 PST 1998
>Last-Modified:
>Originator: Charlie &
>Organization: none
>Release: FreeBSD 2.2.7-RELEASE i386
>Environment:
i386 FreeBSD 2.2 system.
>Description:
The incremental nature of current process id allocation can lend itself to a number of potentially serious security problems. This patch allocates a pid using the kernel's random() function in libkern. It is nearly the same as OpenBSD's equivalent, only difference being that obsd uses the arc4random() PRNG.
>How-To-Repeat:
>Fix:
*** kern_fork.c.orig Mon Nov 2 22:11:24 1998 --- kern_fork.c Tue Nov 3 21:41:13 1998 *************** *** 53,58 **** --- 53,61 ---- #include <sys/acct.h> #include <sys/ktrace.h> #include <sys/unistd.h> + #include <sys/libkern.h> + #include <sys/time.h> + #include <sys/sysctl.h> #include <vm/vm.h> #include <vm/vm_param.h> *************** *** 113,119 **** --- 116,124 ---- int nprocs = 1; /* process 0 */ + static int randompid = 1; /* set to 1 for randomised pids */ static int nextpid = 0; + SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RW, &randompid, 0, ""); static int fork1(p1, flags, retval) *************** *** 124,129 **** --- 129,135 ---- register struct proc *p2, *pptr; register uid_t uid; struct proc *newproc; + struct timeval tv; int count; static int pidchecked = 0; fle_p ep ; *************** *** 174,179 **** --- 180,187 ---- * ready to use (from nextpid+1 through pidchecked-1). */ nextpid++; + if (randompid) + nextpid = PID_MAX; retry: /* * If the process ID prototype has wrapped around, *************** *** 181,188 **** * tend to include daemons that don't exit. */ if (nextpid >= PID_MAX) { ! nextpid = 100; ! 
pidchecked = 0; } if (nextpid >= pidchecked) { int doingzomb = 0; --- 189,206 ---- * tend to include daemons that don't exit. */ if (nextpid >= PID_MAX) { ! if(randompid) ! { ! microtime(&tv); ! srandom(tv.tv_sec ^ tv.tv_usec); ! nextpid = random() % PID_MAX; ! pidchecked = 0; ! } ! else ! { ! nextpid = 100; ! pidchecked = 0; ! } } if (nextpid >= pidchecked) { int doingzomb = 0;
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
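Review bot: in the last hunk (189,206), srandom(tv.tv_sec ^ tv.tv_usec) reseeds the generator from the clock on every fork, so the candidate pid drawn by the following random() is a function of the fork time alone, and anyone who can estimate when a process was created can narrow the possible values. Seed once outside this path and only draw here, or use a stronger generator, as the description says OpenBSD does with arc4random(). Also in this hunk, random() % PID_MAX can produce values below 100, which the sequential branch avoids by restarting at nextpid = 100 (the comment says low pids tend to include daemons that don't exit); if that floor is meant to apply to random pids as well, 100 + random() % (PID_MAX - 100) would keep it.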
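Review bot: in the hunk at 180,187, the added "if (randompid) nextpid = PID_MAX;" right after nextpid++ forces the wrap-around branch on every fork, and that branch sets pidchecked = 0, so the cached free range the comment describes (nextpid+1 through pidchecked-1) is never reused and the "if (nextpid >= pidchecked)" check is entered for every new process. Overloading the wrap-around path this way also hides the intent; picking the random pid in its own block before the retry label, and leaving the PID_MAX branch for genuine wrap-around, would read more clearly and make the per-fork cost explicit.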
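Review bot: in the hunk at 116,124, the SYSCTL_INT for randompid is registered with an empty description string and the variable is initialised to 1, so the patch changes pid allocation by default through a knob that documents nothing. Give the sysctl a description saying what 0 and 1 select, and consider defaulting randompid to 0 so that existing behaviour is kept unless an administrator opts in, since the PR is filed as a change-request.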