
pids not randomized

Posted: Sun May 20, 2007 2:26 pm
by mr.fox
I have just compiled a 2.6.19.2 kernel with grsecurity 2.1.10.

however, process ids are NOT randomized! in the kernel config menu, there is no option to change this, either.

what am I doing wrong? does this depend on other kernel features, and which?

thanks,
- Dave.

Posted: Sun May 20, 2007 6:23 pm
by bplant
Hi Dave,

It's mentioned in the release notes: http://grsecurity.net/news.php#grsec2110

Cheers,

Brad

Posted: Sun May 20, 2007 6:41 pm
by mr.fox
d'oh! rtfm :)

just out of curiosity, why is this suddenly considered to "not provide additional security"? from earlier versions:

"This is extremely effective along
with the /proc restrictions to disallow an attacker from guessing
pids of daemons, etc. PIDs are also used in some cases as part
of a naming system for temporary files, so this option would keep
those filenames from being predicted as well."

thanks.
- Dave

Posted: Mon May 21, 2007 8:21 am
by jj2
I think mostly it was to provide better salt to apps that use getpid for seeding their random number generator.
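
The help text quoted in this thread mentions PIDs being used to name temporary files. The following C program is an added example (not part of any post here and not grsecurity code) that contrasts a PID-derived name with exclusive creation and with mkstemp(), neither of which depends on PIDs being hard to guess. The `/tmp/demo-app` prefix and the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Legacy pattern: the name is a pure function of the PID, so anyone who
 * can learn or guess the PID knows the path before the file exists. */
int pid_tmp_name(char *buf, size_t n, pid_t pid) {
    return snprintf(buf, n, "/tmp/demo-app.%ld", (long)pid);
}

/* Safe even when the name is predictable: O_CREAT|O_EXCL fails with
 * EEXIST if anything already sits at the path, including a symlink. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() chooses the name and creates the file atomically,
 * readable and writable by the owner only. The chosen name is written
 * back into tmpl_out. */
int open_random_tmp(char *tmpl_out, size_t n) {
    if (snprintf(tmpl_out, n, "/tmp/demo-app.XXXXXX") >= (int)n)
        return -1;
    return mkstemp(tmpl_out);
}

int main(void) {
    char name[64], tmpl[64];
    pid_tmp_name(name, sizeof name, getpid());
    printf("pid-derived name: %s\n", name);
    int fd = open_random_tmp(tmpl, sizeof tmpl);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("mkstemp name:     %s\n", tmpl);
    close(fd);
    unlink(tmpl);
    return 0;
}
```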