Message-ID: <Pine.LNX.4.58.0311261350110.4886@twin.jikos.cz>
From: jikos at jikos.cz (Jirka Kosina)
Subject: Attacks based on predictable process IDs??
On Wed, 26 Nov 2003, Brett Hutley wrote:
> Folks, does anyone know why predictable process IDs are considered harmful?
> I can see that there could be the possibility of a compromise if your
> cryptographic PRNGs are seeded using a process ID.
> Does anyone know of any other types of attacks?
Among other things mentioned in this thread, just take a look at the exploit
technique used in the recent kernel_thread()/ptrace() race condition in the Linux
kernel. That exploit needed to PTRACE_ATTACH to the newly created thread
(invoked "automatically" by kmod) before it was possible to know the PID of
this newly created thread. So it used a simple heuristic - current pid + 1,
which was true on most systems without PID randomization.
--
JiKos.
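The "current pid + 1" heuristic only works when the kernel hands out PIDs sequentially. The following is an added example, not code from this thread: a small audit script that forks a few children and measures how often the next PID is exactly the previous one plus one, so an administrator can tell whether a system exposes this precondition. It assumes a Unix-like host where os.fork() is available; the sample PID list is constructed.

```python
import os


def sequential_fraction(pids):
    """Fraction of consecutive PID pairs that differ by exactly +1.

    On a kernel that allocates PIDs sequentially (no PID randomization)
    this approaches 1.0; with randomized PIDs it stays near 0.0.
    """
    if len(pids) < 2:
        raise ValueError("need at least two PIDs to compare")
    hits = sum(1 for a, b in zip(pids, pids[1:]) if b == a + 1)
    return hits / (len(pids) - 1)


def collect_child_pids(n):
    """Fork n short-lived children back to back and record their PIDs in order."""
    pids = []
    for _ in range(n):
        pid = os.fork()
        if pid == 0:
            os._exit(0)  # child: exit immediately, we only wanted its PID
        os.waitpid(pid, 0)
        pids.append(pid)
    return pids


# Constructed sample: what a purely sequential allocator would produce.
SAMPLE_SEQUENTIAL_PIDS = [4200, 4201, 4202, 4203, 4204]


def main():
    print("constructed sample fraction:", sequential_fraction(SAMPLE_SEQUENTIAL_PIDS))
    pids = collect_child_pids(20)
    frac = sequential_fraction(pids)
    print("live child PIDs:", pids)
    print(f"live sequential fraction: {frac:.2f}")
    if frac > 0.8:
        print("PIDs look sequential: the next PID is easily guessable (current pid + 1)")
    else:
        print("PIDs look randomized or heavily interleaved with other activity")


if __name__ == "__main__":
    main()
```

Gaps caused by other processes forking at the same time lower the live fraction, so run it on a quiet system for a meaningful reading.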