> > I've ported my random-PID-patch from 2.2.19 to 2.4.19.
> > It should be downloadable from
> > http://www.vanheusden.com/Linux/fp-2.4.19.patch.gz
> > (or follow the link from
> > http://www.vanheusden.com/Linux/kernel_patches.php3 )
> RSK> hm
> RSK> what's the point of random PIDs?
> Sometimes, (well; frequently) programs that create temporary
> files let the filename depend on their PID. A hacker could use
> that knowledge. So if you know that the application that
> you're starting uses the last PID+1, you could make sure that
> that file already exists or create a symlink with that name or
> whatsoever causing the application you're starting to do
> things it's not supposed to. Like forcing suid apps to create
> a file in the startup-scripts dir. or something.
How about I create 2^15 symlinks then?
Really, the only true solution to this problem is to fix the apps.
-- Tomas Szepe <email@example.com> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Nov 15 2002 - 22:00:21 EST