Full Disclosure mailing list archives
Re: Attacks based on predictable process IDs??
From: Jirka Kosina <jikos () jikos cz>
Date: Wed, 26 Nov 2003 14:07:44 +0100 (CET)
On Wed, 26 Nov 2003, Brett Hutley wrote:
Folks, does anyone know why predictable process IDs are considered harmful? I can see that there could be the possibility of a compromise if your cryptographic PRNGs are seeded using a process ID. Does anyone know of any other types of attacks?
Among other things mentioned in this thread, just take a look on exploit technique used in recent kernel_thread()/ptrace() race condition in Linux kernel. That exploit needed to PTRACE_ATTACH to newly created thread (invoked "automatically" by kmod) before it was possible to know PID of this newly created thread. So it used simple heuristic - current pid + 1, which was true on most systems without PID randomization. -- JiKos. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Attacks based on predictable process IDs?? Brett Hutley (Nov 25)
- Re: Attacks based on predictable process IDs?? Christopher Allene (Nov 25)
- Re: Attacks based on predictable process IDs?? Brett Hutley (Nov 25)
- Re: Attacks based on predictable process IDs?? Jirka Kosina (Nov 26)
- Re: Attacks based on predictable process IDs?? Wojciech Purczynski (Nov 27)
- Re: Attacks based on predictable process IDs?? Dirk Mueller (Nov 27)
- Re: Attacks based on predictable process IDs?? Thomas Preissler (Nov 27)
- Re: Attacks based on predictable process IDs?? Wojciech Purczynski (Nov 28)
- Re: Attacks based on predictable process IDs?? Luis Bruno (Nov 28)
- Re: Attacks based on predictable process IDs?? Wojciech Purczynski (Nov 27)
- Re: Attacks based on predictable process IDs?? Christopher Allene (Nov 25)