Re: RFC/PATCH: Random pid generation

Khimenko Victor (khim@sch57.msk.ru)
Sat, 15 Jan 2000 10:54:09 +0300 (MSK)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Thomas E. Dodd /CSDC: "Re: February 30th 2000"
Previous message: Markus Hennig: "[PATCH] netfilter.c ip_output.c OR The favorite kernel-debug method?"
Maybe in reply to: Ph. Marek: "RFC/PATCH: Random pid generation"

In <Pine.SOL.4.05.10001131534070.19146-100000@copland.udel.edu> Mike Porter (mike@UDel.Edu) wrote:
>> WRT the security issues; predictable pids have always assisted the cause
>> of the cracker. Any extra difficulty we can generate is always
>> useful. Obviously it's only worth considering for 32bit pids not 16bit.
>>
>> Cheers
>> Chris

> If you are going to use random pids to help prevent crackers from
> guessing the next pid, then the method used to generate the random
> numbers needs to be cryptographically secure. From what I
> understand, this is pretty non-trivial (see: Yarrow at
> http://www.counterpane.com/).

Yes and no. It's non-trivial but it's in kernel anyway (there are exist
pool for /dev/random and it's very close to be "true cryptographically
secure"). Even if it's not "cryptographically secure" now it'll be fixed
when some problems will be discowered (it's used by GPG and thus it SHOULD
be secure!).

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Thomas E. Dodd /CSDC: "Re: February 30th 2000"
Previous message: Markus Hennig: "[PATCH] netfilter.c ip_output.c OR The favorite kernel-debug method?"
Maybe in reply to: Ph. Marek: "RFC/PATCH: Random pid generation"