Non-random PIDs

Jason Dixon jason at dixongroup.net
Sun Aug 1 21:36:36 UTC 2004


On Aug 1, 2004, at 5:32 PM, Rik van Riel wrote:

> On Sun, 1 Aug 2004, Jason Dixon wrote:
>
>> I see that there is a maintained random-PID patch for the 2.4 series.
>> The author claims it was rejected by Alan Cox because it was merely
>> "security through obscurity".  I'm a little surprised to hear that, but
>> oh well.
>
> It is true, though.  The random-PID patch might decrease
> the chance of exploiting a certain bug by a small factor,
> but that's no substitute for actually fixing the bug ...

Obviously, fixing any bugs that could be exploited by this should be
the priority for any responsible developer.  Nevertheless, you have to
ask yourself, what advantage is there to generating a pid as pid+1, 
rather than via entropy?  If all things are equal, I would think that 
random PID generation is simply a better design.

--
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net





