Message-ID: <3FC41E44.9060908@hutley.net>
From: brett at hutley.net (Brett Hutley)
Subject: Attacks based on predictable process IDs??
Christopher Allene wrote:
> Brett Hutley (brett@...ley.net) wrote on 2003-11-26 at 11:32:
>
>>Folks, does anyone know why predictable process IDs are considered harmful?
>
>
> Predictable process IDs can be used as a vector to attack programs
> vulnerable to race conditions in /tmp file creation, in case those
> programs use their PID to create a file, meaning you could possibly
> create one (or, for "practical" uses, more often a link or a named pipe)
> first.
>
> Programs which use the following pseudo-code are also vulnerable:
>
> srand (getppid ());
>
> because the sequence of the so-called rand()om numbers is predictable.
> (Arguably, calling srand() passing a xor of your PID and the current
> time is no better. See perldoc -f srand for a discussion on this, I'm
> getting offtopic.)
Hmmm... so it's more a case of a badly written program using the process
ID in an insecure way causing the vulnerability, rather than a predictable
process ID causing a vulnerability itself?
> Thus, I remember a really weird situation where predictable PIDs were
> used to compromise security, it was discussed on BugTraq a while ago,
> but I couldn't find a track of it in my BT archive... anyone?
--
Brett Hutley [MAppFin,CISSP,SANS GCIH]
mailto:brett@...ley.net
http://hutley.net/brett
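
The /tmp file-creation case discussed in this message, as an added example that is not part of the original thread: a PID-derived file name opened the weak way, next to the same open with O_EXCL and with mkstemp(). The file names, the function names and the private scratch directory created with mkdtemp() are assumptions made for the illustration.

```c
#define _GNU_SOURCE            /* for mkdtemp/mkstemp under strict -std= modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The predictable name: anyone who can guess the PID can compute it in advance. */
static void pid_name(char *buf, size_t n, const char *dir) {
    snprintf(buf, n, "%s/app.%ld", dir, (long)getpid());
}
/* Weak: O_CREAT alone follows a link that is already sitting at the name. */
int open_weak(const char *dir) {
    char p[256]; pid_name(p, sizeof p, dir);
    return open(p, O_WRONLY | O_CREAT, 0600);
}
/* Hardened: O_EXCL fails with EEXIST if a file, link or FIFO is already there. */
int open_excl(const char *dir) {
    char p[256]; pid_name(p, sizeof p, dir);
    return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
}
/* Preferred: mkstemp() picks the name itself and creates it exclusively. */
int open_mkstemp(const char *dir, char *out, size_t n) {
    snprintf(out, n, "%s/app.XXXXXX", dir);
    return mkstemp(out);
}
/* Constructed scenario in a private scratch directory. Returns a bitmask:
 * 1 = weak open wrote through the link, 2 = O_EXCL refused, 4 = mkstemp avoided the name. */
int demo(void) {
    char dir[] = "/tmp/pidemo.XXXXXX", other[256], guess[256], tmp[256];
    int r = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(other, sizeof other, "%s/other-file", dir);
    pid_name(guess, sizeof guess, dir);
    if (symlink(other, guess) != 0) return -1;      /* name is taken before the program runs */
    if ((fd = open_weak(dir)) >= 0) { close(fd); if (access(other, F_OK) == 0) r |= 1; }
    fd = open_excl(dir);
    if (fd < 0 && errno == EEXIST) r |= 2; else if (fd >= 0) close(fd);
    if ((fd = open_mkstemp(dir, tmp, sizeof tmp)) >= 0) {
        close(fd); if (strcmp(tmp, guess) != 0) r |= 4; unlink(tmp);
    }
    unlink(other); unlink(guess); rmdir(dir);
    return r;
}
int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

A result of 7 means the weak open created a file somewhere other than the intended path, while both hardened variants were unaffected by the occupied name.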