On Aug 1, 2004, at 5:32 PM, Rik van Riel wrote:
> On Sun, 1 Aug 2004, Jason Dixon wrote:
>> I see that there is a maintained random-PID patch for the 2.4 series.
>> The author claims it was rejected by Alan Cox because it was merely
>> "security through obscurity". I'm a little surprised to hear that, but
>> oh well.
>
> It is true, though. The random-PID patch might decrease the chance of exploiting a certain bug by a small factor, but that's no substitute for actually fixing the bug ...
Obviously, fixing any bugs that could be exploited by this should be the priority for any responsible developer. Nevertheless, you have to ask yourself, what advantage is there to generating a pid as pid+1, rather than via entropy? If all things are equal, I would think that random PID generation is simply a better design.
-- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net