Full Disclosure mailing list archives
Re: Attacks based on predictable process IDs??
From: Christopher Allene <cwis () nerim fr>
Date: Wed, 26 Nov 2003 03:09:03 +0100
Brett Hutley (brett () hutley net) wrote on 2003-11-26 at 11:32:
Folks, does anyone know why predictable process IDs are considered harmful?
Predictable process IDs can be used as a vector to attack programs vulnerable to race conditions in /tmp file creation, in case those programs use their PID to create a file, meaning you could possibly create one (or, for "practical" uses, more often a link or a named pipe) first.

Programs which use the following pseudo-code are also vulnerable:

    srand (getppid ());

because the sequence of the so-called rand()om numbers is predictable. (Arguably, calling srand() passing a xor of your PID and the current time is no better. See perldoc -f srand for a discussion on this, I'm getting offtopic.)

Thus, I remember a really weird situation where predictable PIDs were used to compromise security, it was discussed on BugTraq a while ago, but I couldn't find a track of it in my BT archive... anyone?

--
Christopher Allène
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
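The /tmp race described in the reply above, as an added example that is not part of the original post: a PID-based temp file opened without exclusivity, next to an atomic O_EXCL create and mkstemp(). All function names, the app.<pid> naming scheme and the scratch directory are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build the predictable name <dir>/app.<pid> (hypothetical scheme). */
static void pid_path(char *buf, size_t n, const char *dir, pid_t pid) {
    snprintf(buf, n, "%s/app.%ld", dir, (long)pid);
}

/* Weak: reuses, and follows, whatever already sits at the path. */
int open_pid_tmp_weak(const char *dir, pid_t pid) {
    char p[256];
    pid_path(p, sizeof p, dir, pid);
    return open(p, O_WRONLY | O_CREAT, 0600);
}

/* Atomic create: O_EXCL fails with EEXIST on any existing entry,
 * including a symlink or FIFO, instead of opening it. */
int open_pid_tmp_excl(const char *dir, pid_t pid) {
    char p[256];
    pid_path(p, sizeof p, dir, pid);
    return open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable suffix and creates
 * the file exclusively. */
int open_tmp_random(const char *dir, char *out, size_t n) {
    snprintf(out, n, "%s/app.XXXXXX", dir);
    return mkstemp(out);
}

/* Constructed scenario in a private scratch directory: a symlink already
 * occupies the PID-based name. Result bits: 1 = weak open created the
 * link's target, 2 = O_EXCL refused, 4 = mkstemp succeeded. */
int run_demo(void) {
    char dir[] = "/tmp/pidtmp-demo.XXXXXX", target[256], lnk[256], rnd[256];
    struct stat st;
    int fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/other-file", dir);
    pid_path(lnk, sizeof lnk, dir, getpid());
    if (symlink(target, lnk) != 0) return -1;
    if ((fd = open_pid_tmp_weak(dir, getpid())) >= 0) { close(fd); if (stat(target, &st) == 0) r |= 1; }
    if ((fd = open_pid_tmp_excl(dir, getpid())) < 0 && errno == EEXIST) r |= 2;
    if ((fd = open_tmp_random(dir, rnd, sizeof rnd)) >= 0) { close(fd); unlink(rnd); r |= 4; }
    unlink(lnk); unlink(target); rmdir(dir);
    return r;
}
```

A return value of 7 from run_demo() means the weak open went through the pre-existing link while both hardened variants behaved safely.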