public inbox for linux-kernel@vger.kernel.org
* random PID patch
@ 2002-11-11  8:40 Heusden van, FJJ (Folkert)
  2002-11-11  9:57 ` Roy Sigurd Karlsbakk
  0 siblings, 1 reply; 8+ messages in thread
From: Heusden van, FJJ (Folkert) @ 2002-11-11  8:40 UTC (permalink / raw)
  To: Linux Kernel Development

Hi,

I've ported my random-PID-patch from 2.2.19 to 2.4.19.
It should be downloadable from
http://www.vanheusden.com/Linux/fp-2.4.19.patch.gz
(or follow the link from http://www.vanheusden.com/Linux/kernel_patches.php3
)


Folkert van Heusden

p.s.: please send replies through e-mail: I'm not on this list

----------------------------------------------------------------------
Folkert van Heusden
Rabobank IBV
Locatie: UHB212, postadres: UHG439
Tel:      +31 30 2161262
Fax:     +31 30 2161922
e-mail: f.j.j.heusden@rn.rabobank.nl
----------------------------------------------------------------------
FTR Computing & Consulting [ www.ftr.nl ]
e-mail: f.v.heusden@ftr.nl
----------------------------------------------------------------------
Prive [ www.vanheusden.com ]
GSM:    +31-6-41278122
e-mail: folkert@vanheusden.com
----------------------------------------------------------------------


================================================
The information contained in this message may be confidential 
and is intended to be exclusively for the addressee. Should you 
receive this message unintentionally, please do not use the contents 
herein and notify the sender immediately by return e-mail.




* Re: random PID patch
  2002-11-11  8:40 Heusden van, FJJ (Folkert)
@ 2002-11-11  9:57 ` Roy Sigurd Karlsbakk
  0 siblings, 0 replies; 8+ messages in thread
From: Roy Sigurd Karlsbakk @ 2002-11-11  9:57 UTC (permalink / raw)
  To: Heusden van, FJJ (Folkert), Linux Kernel Development

On Monday 11 November 2002 09:40, Heusden van, FJJ (Folkert) wrote:
> Hi,
>
> I've ported my random-PID-patch from 2.2.19 to 2.4.19.
> It should be downloadable from
> http://www.vanheusden.com/Linux/fp-2.4.19.patch.gz
> (or follow the link from
> http://www.vanheusden.com/Linux/kernel_patches.php3 )

hm

what's the point of random PIDs?

-- 
Roy Sigurd Karlsbakk, Datavaktmester
ProntoTV AS - http://www.pronto.tv/
Tel: +47 9801 3356

Computers are like air conditioners.
They stop working when you open Windows.



* RE: random PID patch
@ 2002-11-11 10:12 Heusden van, FJJ (Folkert)
  2002-11-11 10:17 ` Tomas Szepe
  2002-11-11 13:10 ` Alan Cox
  0 siblings, 2 replies; 8+ messages in thread
From: Heusden van, FJJ (Folkert) @ 2002-11-11 10:12 UTC (permalink / raw)
  To: Roy Sigurd Karlsbakk, Linux Kernel Development

> I've ported my random-PID-patch from 2.2.19 to 2.4.19.
> It should be downloadable from
> http://www.vanheusden.com/Linux/fp-2.4.19.patch.gz
> (or follow the link from
> http://www.vanheusden.com/Linux/kernel_patches.php3 )
RSK> hm
RSK> what's the point of random PIDs?

Sometimes, (well; frequently) programs that create temporary
files let the filename depend on their PID. A hacker could use
that knowledge. So if you know that the application that
you're starting uses the last PID+1, you could make sure that
that file already exists or create a symlink with that name or
whatsoever causing the application you're starting to do
things it's not supposed to. Like forcing suid apps to create
a file in the startup-scripts dir. or something.



* RE: random PID patch
@ 2002-11-11 10:14 Grzegorz Jaskiewicz
  0 siblings, 0 replies; 8+ messages in thread
From: Grzegorz Jaskiewicz @ 2002-11-11 10:14 UTC (permalink / raw)
  To: linux-kernel-list


> I agree, though, that it should not be implemented in the main-
> kernel. Still, it can be useful.
Imho this should be just as an option to choose before kernel
compilation.
There are many patches already that serve this feature (grsec).
This patch has already many other useful features (proc restrictions
f.e.). That should already be in kernel, but as an option.

-- 
Greg Iaskievitch



* Re: random PID patch
  2002-11-11 10:12 Heusden van, FJJ (Folkert)
@ 2002-11-11 10:17 ` Tomas Szepe
  2002-11-11 13:10 ` Alan Cox
  1 sibling, 0 replies; 8+ messages in thread
From: Tomas Szepe @ 2002-11-11 10:17 UTC (permalink / raw)
  To: Heusden van, FJJ (Folkert); +Cc: Roy Sigurd Karlsbakk, Linux Kernel Development

> > I've ported my random-PID-patch from 2.2.19 to 2.4.19.
> > It should be downloadable from
> > http://www.vanheusden.com/Linux/fp-2.4.19.patch.gz
> > (or follow the link from
> > http://www.vanheusden.com/Linux/kernel_patches.php3 )
> RSK> hm
> RSK> what's the point of random PIDs?
> 
> Sometimes, (well; frequently) programs that create temporary
> files let the filename depend on their PID. A hacker could use
> that knowledge. So if you know that the application that
> you're starting uses the last PID+1, you could make sure that
> that file already exists or create a symlink with that name or
> whatsoever causing the application you're starting to do
> things it's not supposed to. Like forcing suid apps to create
> a file in the startup-scripts dir. or something.

How about I create 2^15 symlinks then?
Really, the only true solution to this problem is to fix the apps.

-- 
Tomas Szepe <szepe@pinerecords.com>
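
The application-side fix referred to above, as an added example (not code from this thread or from the patch): a PID-derived temp name opened the unfixed way, the same name opened with `O_CREAT|O_EXCL`, and `mkstemp()`. The function names, the `app.<pid>` pattern and the scratch directory are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical app helper: opens <dir>/app.<pid>, the PID-derived name pattern. */
static int open_pid_name(const char *dir, int flags) {
    char p[256];
    snprintf(p, sizeof p, "%s/app.%ld", dir, (long)getpid());
    return open(p, flags, 0600);
}
/* Unfixed app: follows whatever already sits at that name and truncates it. */
int open_tmp_naive(const char *dir) { return open_pid_name(dir, O_WRONLY | O_CREAT | O_TRUNC); }
/* Fixed, same name: O_CREAT|O_EXCL fails with EEXIST if the name exists, symlinks included. */
int open_tmp_excl(const char *dir) { return open_pid_name(dir, O_WRONLY | O_CREAT | O_EXCL); }
/* Fixed, preferred: mkstemp() picks the name and creates the file exclusively. */
int open_tmp_mkstemp(const char *dir, char *out, size_t n) {
    snprintf(out, n, "%s/app.XXXXXX", dir);
    return mkstemp(out);
}
struct outcome { int excl_errno, mkstemp_ok; long after_fixed, after_naive; };
static long size_of(const char *p) { struct stat st; return stat(p, &st) ? -1 : (long)st.st_size; }

/* Constructed scenario in a private scratch directory: the PID-derived name is already a symlink. */
struct outcome run_demo(void) {
    struct outcome o = { 0, 0, -1, -1 };
    char dir[] = "/tmp/pidtmp.XXXXXX", victim[256], planted[256], fresh[256];
    if (!mkdtemp(dir)) return o;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/app.%ld", dir, (long)getpid());
    FILE *f = fopen(victim, "w");
    if (!f || fputs("keep", f) < 0 || fclose(f) || symlink(victim, planted)) return o;
    int fd = open_tmp_excl(dir);                      /* refused: the name is taken */
    o.excl_errno = fd < 0 ? errno : 0;
    close(fd);
    fd = open_tmp_mkstemp(dir, fresh, sizeof fresh);  /* new file under a fresh name */
    o.mkstemp_ok = fd >= 0;
    close(fd);
    o.after_fixed = size_of(victim);                  /* 4: victim file untouched */
    close(open_tmp_naive(dir));                       /* follows the symlink */
    o.after_naive = size_of(victim);                  /* 0: victim file truncated */
    unlink(fresh); unlink(planted); unlink(victim); rmdir(dir);
    return o;
}
int main(void) {
    struct outcome o = run_demo();
    return printf("excl errno=%d mkstemp_ok=%d victim size %ld then %ld\n", o.excl_errno, o.mkstemp_ok, o.after_fixed, o.after_naive) < 0;
}
```

The outcome does not depend on how the kernel hands out PIDs: the exclusive-create variants leave the pre-existing target alone, the unfixed open does not.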


* RE: random PID patch
@ 2002-11-11 10:20 Heusden van, FJJ (Folkert)
  0 siblings, 0 replies; 8+ messages in thread
From: Heusden van, FJJ (Folkert) @ 2002-11-11 10:20 UTC (permalink / raw)
  To: Tomas Szepe, Heusden van, FJJ (Folkert)
  Cc: Roy Sigurd Karlsbakk, Linux Kernel Development

> Sometimes, (well; frequently) programs that create temporary
> files let the filename depend on their PID. A hacker could use
> that knowledge. So if you know that the application that
> you're starting uses the last PID+1, you could make sure that
> that file already exists or create a symlink with that name or
> whatsoever causing the application you're starting to do
> things it's not supposed to. Like forcing suid apps to create
> a file in the startup-scripts dir. or something.
TS> How about I create 2^15 symlinks then?
TS> Really, the only true solution to this problem is to fix the apps.

True. But until ALL applications are fixed and until this bug is no
longer written, this patch can help...

I agree, though, that it should not be implemented in the main-
kernel. Still, it can be useful.



* RE: random PID patch
  2002-11-11 10:12 Heusden van, FJJ (Folkert)
  2002-11-11 10:17 ` Tomas Szepe
@ 2002-11-11 13:10 ` Alan Cox
  2002-11-12 17:42   ` Pavel Machek
  1 sibling, 1 reply; 8+ messages in thread
From: Alan Cox @ 2002-11-11 13:10 UTC (permalink / raw)
  To: Heusden van, FJJ   (Folkert)
  Cc: Roy Sigurd Karlsbakk, Linux Kernel Development

On Mon, 2002-11-11 at 10:12, Heusden van, FJJ (Folkert) wrote:
> Sometimes, (well; frequently) programs that create temporary
> files let the filename depend on their PID. A hacker could use
> that knowledge. So if you know that the application that

Still can if it's random. The attacker can be the one who exec's the
vulnerable app. The attacker can use dnotify

> things it's not supposed to. Like forcing suid apps to create
> a file in the startup-scripts dir. or something.

Just use namespaces and give every login their own /tmp



* Re: random PID patch
  2002-11-11 13:10 ` Alan Cox
@ 2002-11-12 17:42   ` Pavel Machek
  0 siblings, 0 replies; 8+ messages in thread
From: Pavel Machek @ 2002-11-12 17:42 UTC (permalink / raw)
  To: Alan Cox
  Cc: Heusden van, FJJ   (Folkert), Roy Sigurd Karlsbakk,
	Linux Kernel Development

Hi!

> > Sometimes, (well; frequently) programs that create temporary
> > files let the filename depend on their PID. A hacker could use
> > that knowledge. So if you know that the application that
> 
> Still can if it's random. The attacker can be the one who exec's the
> vulnerable app. The attacker can use dnotify
> 
> > things it's not supposed to. Like forcing suid apps to create
> > a file in the startup-scripts dir. or something.
> 
> Just use namespaces and give every login their own /tmp

Use namespaces? I thought export TMPDIR= was the solution ;-).

							Pavel
-- 
When do you have heart between your knees?
