Full Disclosure mailing list archives
ALERT ALERT plaintext passwords in linux ALERT ALERT
From: lcamtuf () ghettot org (Michal Zalewski)
Date: Sun, 15 Sep 2002 19:22:33 -0400 (EDT)
On Sun, 15 Sep 2002 silvio () big net au wrote:
a nice method to find "hidden" processes is to recognize that a process is a process id can be considered an exclusive resource that is available on request by anyone on the system. so the idea is to cycle through all the pid's, and see which ones you can't obtain. if at the same time you can view such a process in the regular listings.. something is interesting. in any case, it would appear that the task slot cannot be allocated for "some" reason(s).
Yes and no. A fair number of PIDs is not available to mere mortals. On a typical Linux, 0-300 and 32768-65535 are protected one way or another, yet it's perfectly possible for a hiding process to claim one of those... plus, "exclusive" use is not really guaranteed, two processes can share a single PID (older Linuxes, 2.0, even allowed you to do that from user-space with clone(), now it requires some hacking).
note that on linux recycling the pid's goes back to 300.. a sysctl would be nice here to set this figure.
This mechanism is fairly bogus. I imagine it is supposed to speed things up and perhaps keep things in order - lower pids are supposed to be occupied by daemons after boot-up. In reality, however, a typical start-up sequence for recent Red Hat distros - and, I imagine, most other Linuxes - is so blown up that first daemons will be started with PIDs closer to 400-500. The mechanism, as such, is quite pointless, just wasting 300 PIDs. -- _____________________________________________________ Michal Zalewski [lcamtuf () bos bindview com] [security] [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};: =-=> Did you know that clones never use mirrors? <=-= http://lcamtuf.coredump.cx/photo/
Current thread:
- ALERT ALERT plaintext passwords in linux ALERT ALERT ppan () hushmail com (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT Ka (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT John (Sep 16)
- <Possible follow-ups>
- ALERT ALERT plaintext passwords in linux ALERT ALERT ppan () hushmail com (Sep 15)
- Re[2]: ALERT ALERT plaintext passwords in linux ALERT ALERT Mikhail Iakovlev (Sep 15)
- Re[2]: ALERT ALERT plaintext passwords in linux ALERT ALERT martin f krafft (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT silvio () big net au (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT Michal Zalewski (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT silvio () big net au (Sep 15)
- Re[2]: ALERT ALERT plaintext passwords in linux ALERT ALERT Mikhail Iakovlev (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT Guy Cohen (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT White Vampire (Sep 15)