| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: Attacks based on predictable process IDs?? local user race condition sploits, a local user links to a critical file for the system, admin runs the app with the predictable process ID's issue, and the linked file causes overwirtes of critical files with trash. Thanks, Ron DuFresne On Wed, 26 Nov 2003, Brett Hutley wrote: > Folks, does anyone know why predictable process IDs are considered harmful? > > I can see that there could be the possibility of a compromise if your > cryptographic PRNGs are seeded using a process ID. > > Does anyone know of any other types of attacks? > > Cheers, Brett > -- > Brett Hutley [MAppFin,CISSP,SANS GCIH] > mailto:brett@...ley.net > http://hutley.net/brett > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists