Re: RFC/PATCH: Random pid generation

From: Sean Hunter (sean@uncarved.co.uk)
Date: Wed Jan 12 2000 - 07:02:21 EST


On Tue, Jan 11, 2000 at 01:44:02PM +0100, Marcus Sundberg wrote:
> "Ph. Marek" <marek@mail.bmlv.gv.at> writes:
>
> > Short summary:
> > More and more programs (e.g. CGI-Scripts) use the PID as pseudo-random number.
>
> Then they are broken.

Agreed. Yet another example of what Alan once described as "My
programming sucks, go fix something else". I don't think the OS
should support or encourage ridiculously broken assumptions[1] in any
way.

Sean

[1] Especially not by bad CGI programmers. Secure CGI is more
difficult than a lot of people seem to think, and random pids ain't
going to stop null-byte PATHINFO attacks etc.
