Re: 32-bit pid_t / security

From: Andries Brouwer (aeb@veritas.com)
Date: Sun Oct 01 2000 - 21:16:44 EST


On Sun, Oct 01, 2000 at 07:51:13PM +0200, David Weinehall wrote:

> Hoping for security just by having more
> PID's is a bit naive.

*1*
It is strange that people do not really seem to understand
the case for a 32-bit pid_t.
This case is: "16 bits is not enough".

We all know that 640KB was enough, and that 1024 cylinders was enough,
and ten or twenty years later these assumptions turned out to be very
inconvenient.

Today 32000 processes is enough - I rarely see more than 500.
But there will be a moment in time when 32000 no longer is enough.
If we have to change anyway, changing early is better than
changing late. There always are people with unusual needs.

*2*
So, in the long run we want a large pid_t. What about the short run?
For today the disadvantages are negligeable, and for people who
like security there are definite advantages.

David, I already said the same to someone else:
Security is not a yes/no matter. It is a matter of less or more.
Thus, "Hoping for security" is meaningless.
But "Hoping for more security by having more PID's" is quite
reasonable. If I am local user on your system then I can break in
using a wraparound. If that takes 2147483647 processes I have to
wait longer than when that takes 32000 processes.

Andries
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Oct 07 2000 - 21:00:09 EST