On 2015-05-27 11:53, Fred wrote:
On 05/27/15 10:18, Simon wrote:
On 2015-05-26 16:25, Theo de Raadt wrote:

A 16 bit PID is supposed to provide true safety?

Please.

The problem is people who believe that shoving a 16 bit value into
a deterministic function gets them somewhere.

So do you confirm that random PID is actually not a security measure?

It is often presented as is, but it would not be the first time that
some wrong rumors get widespread enough to become accepted as a truth by
most people.

I could also easily imagine that PIDs have been randomized just because
it was allowed to do so and that it was interesting from the coding
perspective as showing up software bugs that sequential PID would hardly
uncover (I'm mainly referring here to Ted Unangst's talk:
http://www.openbsd.org/papers/dev-sw-hostile-env.html, see
"randomization" section, backed by the "philosophy" section: "The sooner
we can break it, the sooner we can fix it").


Having PIDs that are not easily predictable helps to reduce the attack surface.

IMO that is a security measure, but YMMV.

Fred

There is a difference between having random PIDs and having PIDs which are not easily predictable.

For instance, dividing the 16 bits of the PID to use the 8 lower bits as a counter and the 8 higher bits as a random value would provide PIDs that are both not easily predictable and not quickly reused.

However, minus the 100-item array, OpenBSD uses random PIDs. While it indeed reduces the attack surface against PID predictions (mostly local exploits), it facilitates attacks relying on PID reuse (including remote exploits, so attacks with higher risk than local exploits).

So all in all I'm not convinced at all that using random PIDs reduces the attack surface; I was actually worrying whether it might not actually be counterproductive in terms of security.
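
Added example, not part of the thread and not OpenBSD code: a small simulation that measures the shortest gap between two issues of the same PID for the two allocation schemes compared in the message above. It assumes a simplified model (no live-process table, a constructed xorshift PRNG, a 100-entry recent-PID list as mentioned in the message); all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#define NALLOC 200000   /* allocations simulated per scheme (constructed) */
#define RECENT 100      /* size of the recent-PID list mentioned in the message */

static uint32_t rng_state;
static uint32_t rng(void) {         /* xorshift32: deterministic, NOT a secure RNG */
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state >> 16;         /* keep the upper 16 bits */
}

/* Scheme A: uniform random 16-bit PID, rejected if among the last RECENT issued. */
static uint16_t next_random(const uint16_t *hist, long n) {
    for (;;) {
        uint16_t pid = (uint16_t)rng();
        long i, lo = n > RECENT ? n - RECENT : 0;
        for (i = lo; i < n && hist[i] != pid; i++) ;
        if (i == n) return pid;     /* not in the recent window: accept */
    }
}

/* Scheme B (from the message): high 8 bits random, low 8 bits a counter. */
static uint16_t next_hybrid(long n) {
    return (uint16_t)(((rng() & 0xff) << 8) | (n & 0xff));
}

/* Smallest number of allocations between two issues of the same PID. */
long min_reuse_distance(int hybrid, uint32_t seed) {
    static uint16_t hist[NALLOC];
    static long last[65536];
    long n, best = 0;
    rng_state = seed ? seed : 1;    /* xorshift state must be non-zero */
    for (n = 0; n < 65536; n++) last[n] = -1;
    for (n = 0; n < NALLOC; n++) {
        uint16_t pid = hybrid ? next_hybrid(n) : next_random(hist, n);
        if (last[pid] >= 0 && (best == 0 || n - last[pid] < best))
            best = n - last[pid];
        last[pid] = n;
        hist[n] = pid;
    }
    return best;
}

int main(void) {
    printf("random+list: %ld  hybrid: %ld\n",
           min_reuse_distance(0, 2015), min_reuse_distance(1, 2015));
    return 0;
}
```

In this model the hybrid scheme can never reissue a PID in fewer than 256 allocations, while the random scheme's only floor is the length of the recent-PID list; in exchange, the hybrid scheme leaves only 8 random bits per PID.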
