lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.58.0311261350110.4886@twin.jikos.cz>
From: jikos at jikos.cz (Jirka Kosina)
Subject: Attacks based on predictable process IDs??

On Wed, 26 Nov 2003, Brett Hutley wrote:

> Folks, does anyone know why predictable process IDs are considered harmful?
> I can see that there could be the possibility of a compromise if your
> cryptographic PRNGs are seeded using a process ID.
> Does anyone know of any other types of attacks?

Among other things mentioned in this thread, just take a look at the exploit
technique used in the recent kernel_thread()/ptrace() race condition in the Linux
kernel. That exploit needed to PTRACE_ATTACH to the newly created thread
(invoked "automatically" by kmod) before it was possible to know the PID of
this newly created thread. So it used a simple heuristic - current pid + 1,
which was true on most systems without PID randomization.

-- 
JiKos.
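The "current pid + 1" guess in the message above only works when the kernel hands out PIDs sequentially. The following program is an added example (not code from the thread or from the exploit it describes) that lets an administrator measure that property on their own system: it forks a series of short-lived children, records each child's PID, and reports what fraction of consecutive allocations were exactly one apart. It assumes a POSIX system with fork() and waitpid(); the sample size of 64 is an arbitrary choice. On stock Linux, which allocates PIDs sequentially, expect close to 100% on an idle machine; a kernel that randomizes PIDs (OpenBSD does so by default) will report a low fraction.

```c
/* Measure how predictable PID allocation is on this system.
 * Added example for the mailing-list discussion; not from the original thread.
 * Assumes POSIX fork()/waitpid(). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork n children one after another and store each child's PID in out[].
 * Each child exits immediately and is reaped before the next fork, so the
 * samples reflect the kernel's allocation order, not concurrent activity.
 * Returns the number of PIDs collected (n on success, fewer if fork fails). */
int sample_pids(pid_t *out, int n)
{
    int collected = 0;
    for (int i = 0; i < n; i++) {
        pid_t child = fork();
        if (child < 0)
            break;                    /* fork failed: report what we have */
        if (child == 0)
            _exit(0);                 /* child only exists to consume a PID */
        out[collected++] = child;
        waitpid(child, NULL, 0);      /* reap so the child does not linger */
    }
    return collected;
}

/* Count consecutive samples allocated exactly +1 apart, i.e. how often the
 * "previous pid + 1" guess would have been right. A wrap-around at pid_max
 * is simply counted as a miss. */
int count_sequential(const pid_t *pids, int n)
{
    int hits = 0;
    for (int i = 1; i < n; i++)
        if (pids[i] == pids[i - 1] + 1)
            hits++;
    return hits;
}

/* Fraction in [0, 1] of +1 transitions; 0.0 when there are too few samples. */
double sequential_fraction(const pid_t *pids, int n)
{
    if (n < 2)
        return 0.0;
    return (double)count_sequential(pids, n) / (double)(n - 1);
}

int main(void)
{
    enum { N = 64 };                  /* arbitrary sample size */
    pid_t pids[N];
    int n = sample_pids(pids, N);
    if (n < 2) {
        perror("fork");
        return 1;
    }
    printf("%d children forked, first PID %ld, last PID %ld\n",
           n, (long)pids[0], (long)pids[n - 1]);
    printf("%.0f%% of allocations were exactly previous PID + 1\n",
           100.0 * sequential_fraction(pids, n));
    return 0;
}
```

Compile with `cc -o pidcheck pidcheck.c` and run it a few times, including while other processes are being spawned; a high and stable fraction means any local code can predict the PID of the next process to be created, which is the precondition the message describes and a reason not to derive secrets or temporary-file names from PIDs.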

