On Wed, 26 Nov 2003, Brett Hutley wrote:

> Folks, does anyone know why predictable process IDs are considered harmful?
> I can see that there could be the possibility of a compromise if your
> cryptographic PRNGs are seeded using a process ID.
> Does anyone know of any other types of attacks?
Among other things mentioned in this thread, just take a look at the exploit technique used in the recent kernel_thread()/ptrace() race condition in the Linux kernel. That exploit needed to PTRACE_ATTACH to the newly created thread (invoked "automatically" by kmod) before it was possible to know the PID of this newly created thread. So it used a simple heuristic - current pid + 1, which was true on most systems without PID randomization.

-- JiKos.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
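The "current pid + 1" guess JiKos describes only works because the stock Linux allocator hands out PIDs sequentially. The program below is an added example written for this page, not code from the thread or from the exploit it mentions: it does not reproduce the kernel_thread()/ptrace() race, it only measures how often the sequential guess is right by forking children and predicting each child's PID from the last one observed. It assumes (labelled as assumptions in the code) that PIDs are allocated in increasing order below /proc/sys/kernel/pid_max, that the allocator restarts at 300 after wrapping, and a default pid_max of 32768 if the /proc file cannot be read; the function names are mine.

```c
/* Added example, not from the original thread: measure how well the
 * "next PID = last PID + 1" heuristic holds on a Linux box.
 * Assumptions (not stated in the post): PIDs are handed out sequentially,
 * valid PIDs are 1 .. pid_max-1, the allocator restarts at 300 after a wrap,
 * and /proc/sys/kernel/pid_max holds the live pid_max (32768 if unreadable). */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define RESERVED_PIDS   300     /* assumed restart point after the PID space wraps */
#define DEFAULT_PID_MAX 32768   /* assumed default if /proc/sys/kernel/pid_max is unreadable */

/* Sequential-allocator prediction: the PID expected right after 'last'.
 * pid_max is an exclusive upper bound, so reaching it wraps to RESERVED_PIDS. */
long predict_next_pid(long last, long pid_max)
{
    long next = last + 1;
    if (next >= pid_max)
        next = RESERVED_PIDS;
    return next;
}

/* Read the live pid_max from /proc, falling back to the assumed default. */
long read_pid_max(void)
{
    long v = DEFAULT_PID_MAX;
    FILE *f = fopen("/proc/sys/kernel/pid_max", "r");
    if (f) {
        if (fscanf(f, "%ld", &v) != 1 || v < RESERVED_PIDS + 1)
            v = DEFAULT_PID_MAX;
        fclose(f);
    }
    return v;
}

/* Fork 'rounds' children, guessing each child's PID before it exists.
 * Returns the fraction of correct guesses in [0,1], or -1.0 on error.
 * Any other process that takes a PID in between makes the guess miss,
 * which is exactly the noise an attacker using this heuristic must tolerate. */
double measure_pid_predictability(int rounds)
{
    long pid_max = read_pid_max();
    long last = (long)getpid();          /* attacker starts from its own PID */
    int hits = 0;

    if (rounds <= 0)
        return -1.0;

    for (int i = 0; i < rounds; i++) {
        long predicted = predict_next_pid(last, pid_max);
        pid_t child = fork();
        if (child < 0)
            return -1.0;
        if (child == 0)
            _exit(0);                    /* child exists only to consume a PID */
        waitpid(child, NULL, 0);
        if ((long)child == predicted)
            hits++;
        last = (long)child;              /* refine the guess from what was observed */
    }
    return (double)hits / rounds;
}

int main(void)
{
    int rounds = 100;
    double frac = measure_pid_predictability(rounds);
    if (frac < 0) {
        perror("fork");
        return 1;
    }
    printf("pid_max=%ld, 'last+1' guess correct in %.0f%% of %d forks\n",
           read_pid_max(), frac * 100.0, rounds);
    return 0;
}
```

On an idle system with sequential allocation the reported hit rate is close to 100%; on a busy system, or one running a PID-randomization patch, it drops sharply, which is the difference between a race an attacker can win in one try and one that needs many attempts.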