> Anyhow... I assume they are using rc4 so assuming the initial state is kept
> secret these should be fairly hard to guess - only, it doesn't satisfy
> Dean's desired criterion that no PID be re-used within a short amount of
> time.
Yeah within 1s is my only concern. I think that we should have high
confidance that time() concat getpid() will generate unique identifier on
a single system... I think if you break that you're looking at trouble
with many tools. In particular Message-ID creation, /tmp filename
creation... qmail's maildir format.
> P.S. I can fork about 732 times/sec on my machine. This doesn't look good
> for re-use if we only have 15 bits.
Although I'll admit, a system doing this many creations isn't really doing
the right thing anyhow. But it'd suck if folks can devise a denial of
service or exploit just because linux can do 16k creations per second on
next year's hardware ;)
There was talk a few months back about a 32-bit pid_t/tid_t encoding which
was useful for fixing some POSIX thread issues. Maybe that should be
revisited?
Dean
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu