[Chris Evans]
> A 32 bit pid_t is more interesting (and plausible). Assuming a
> _signed_ pid_t, a rather high rate of 1000 exploit attempts/second,
> and a 100% race success when the right pid is guessed
Depends. Any time between the fork() and the open("/tmp/$$"), you are
visible in /proc. If that amount of time is significant, no amount of
PID randomness will save you.
Peter
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:23 EST