Re: RFC/PATCH: Random pid generation

• Next message: Matthias Andree: "Re: [OT]mailing list delay"
• Previous message: Olaf Titz: "Re: [idea] request_module(const char *fmt, ...);"
• In reply to: Marcus Sundberg: "Re: RFC/PATCH: Random pid generation"
• Next in thread: Marcus Sundberg: "Re: RFC/PATCH: Random pid generation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 11, 2000 at 01:44:02PM +0100, Marcus Sundberg wrote:
> "Ph. Marek" <marek@mail.bmlv.gv.at> writes:
>
> > Short summary:
> > More and more programs (eg
> > CGI-Scripts) use the PID as pseudo-random number.
>
> Then they are broken.

Agreed. Yet another example of what Alan once described as "My
programming sucks, go fix something else". I don't think the os
should support or encourage ridiculously broken assumptions[1] in any
way.

Sean

[1]Especially not by bad cgi programmers. Secure cgi is more
difficult than a lot of people seem to think, and random pids aint
going to stop null-byte PATHINFO attacks etc.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Matthias Andree: "Re: [OT]mailing list delay"
• Previous message: Olaf Titz: "Re: [idea] request_module(const char *fmt, ...);"
• In reply to: Marcus Sundberg: "Re: RFC/PATCH: Random pid generation"
• Next in thread: Marcus Sundberg: "Re: RFC/PATCH: Random pid generation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:20 EST