local user race condition sploits, a local user links to a critical file for the system, admin runs the app with the predictable process ID's issue, and the linked file causes overwirtes of critical files with trash.
Thanks, Ron DuFresne On Wed, 26 Nov 2003, Brett Hutley wrote: > Folks, does anyone know why predictable process IDs are considered harmful? > > I can see that there could be the possibility of a compromise if your > cryptographic PRNGs are seeded using a process ID. > > Does anyone know of any other types of attacks? > > Cheers, Brett > -- > Brett Hutley [MAppFin,CISSP,SANS GCIH] > mailto:[EMAIL PROTECTED] > http://hutley.net/brett > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
