lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: cwis at nerim.fr (Christopher Allene)
Subject: Attacks based on predictable process IDs??

Brett Hutley (brett@...ley.net) wrote on 2003-11-26 at 11:32:
> Folks, does anyone know why predictable process IDs are considered harmful?
 
Predictable process IDs can be used as a vector to attack programs
vulnerable to race conditions in /tmp file creation, in case those
programs use their PID to create a file, meaning you could possibly
create one (or, for "practical" uses, more often a link or a named pipe)
first.

Programs which uses the following pseudo-code are also vulnerable:

    srand (getppid ());

because the sequence of the so-called rand()om numbers is predictible.
(Arguably, calling srand() passing a xor of your PID and the current
time is no better. See perldoc -f srand for a discussion on this, I'm
getting offtopic.)

Thus, I remember a really weird situation where predictable PIDs were
used to compromise security, it was discussed on BugTraq a while ago,
but I couldn't find a track of it in my BT archive... anyone?

-- 
Christopher All?ne

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ