Re: RFC/PATCH: Random pid generation

Sean Hunter (sean@uncarved.co.uk)
Wed, 12 Jan 2000 15:59:41 +0000

On Wed, Jan 12, 2000 at 03:05:03PM +0100, Marcus Sundberg wrote:
> "Sean Hunter" <sean@uncarved.co.uk> writes:
>
> > On Tue, Jan 11, 2000 at 08:20:54PM +0100, Marcus Sundberg wrote:
> > > Stephen Frost <sfrost@ns.snowman.net> writes:
> > >
> > > > People use the PID to create temp files and whatnot,
> > > > from what I've seen.
> > >
> > > And they do that in order to get a unique number, not a random number.
> >
> > This is also a really bad idea, because with easily guessable pids you
> > are opening yourself to /tmp races.
>
> There can be only one process with a given pid at a time, so there can't
> be anything I'd call a race.

You run your program, but I have created a simlink in /tmp with the
same name (because the name is guessable). That is a race because it
relies on contention between two processes (my "ln -s" and your broken
program) over a shared resource (the easily-guessable name in the
shared namespace of the filesystem). This is the definition of a
race. You may not call it that, but everyone else would.

> Ofcourse there are security implications of handling files in /tmp, but
> that is independent of how the filenames are generated and a completely
> different story. A program that relies on non-guessable filenames in
> /tmp to be secure is severly broken.

Agreed.

Sean

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/