Non-random PIDs

Rik van Riel riel at redhat.com
Sun Aug 1 21:32:21 UTC 2004


On Sun, 1 Aug 2004, Jason Dixon wrote:

> I see that there is a maintained random-PID patch for the 2.4 series.  
> The author claims it was rejected by Alan Cox because it was merely 
> "security through obscurity".  I'm a little surprised to hear that, but 
> oh well.

It is true, though.  The random-PID patch might decrease
the chance of exploiting a certain bug by a small factor,
but that's no substitute for actually fixing the bug ...

It's a bit like using slightly randomised file names in
/tmp to decrease the chance of a symlink attack hitting;
just not the proper fix...

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
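The "proper fix" for the /tmp case that the reply contrasts with name randomisation, as an added example that is not part of the original thread: create the file atomically with O_CREAT|O_EXCL (via mkstemp) so that a pre-planted symlink at the chosen name makes creation fail instead of being followed. The helper names and the /tmp paths below are my own constructions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The proper fix for the /tmp symlink race: mkstemp() creates the file with
 * O_CREAT|O_EXCL and mode 0600 in one atomic step, so a name that already
 * exists (e.g. a planted symlink) makes creation fail rather than being
 * followed.  Randomising the name alone only shrinks the guessing window.
 * On success the template is rewritten in place with the chosen name. */
int create_tmp_safely(char *template_path) {
    int fd = mkstemp(template_path);
    if (fd < 0) return -1;
    struct stat st;                /* defence in depth: check what we hold */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        unlink(template_path);
        return -1;
    }
    return fd;
}

/* Probe whether exclusive creation refuses an existing path.
 * Returns 1 if open() failed with EEXIST (the name was already taken, for
 * instance by a symlink), 0 if the file was freshly created (and removed
 * again), -1 on any other error. */
int probe_exclusive_create(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0) { close(fd); unlink(path); return 0; }
    return errno == EEXIST ? 1 : -1;
}

/* Self-contained check: create a safe temp file, put a symlink next to it
 * (constructed path under /tmp), and confirm O_EXCL refuses the link name. */
int demo_symlink_is_refused(void) {
    char tmpl[] = "/tmp/tmpdemo.XXXXXX";          /* constructed template */
    int fd = create_tmp_safely(tmpl);
    if (fd < 0) return -1;
    char lnk[sizeof tmpl + 4];
    snprintf(lnk, sizeof lnk, "%s.lnk", tmpl);
    if (symlink(tmpl, lnk) != 0) { close(fd); unlink(tmpl); return -1; }
    int refused = probe_exclusive_create(lnk);     /* expect 1 */
    unlink(lnk); close(fd); unlink(tmpl);
    return refused;
}
```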
