[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: establishing the callers PID

From: Marcus Brinkmann
Subject: Re: establishing the callers PID
Date: Sun, 12 May 2002 03:16:18 +0200
User-agent: Mutt/1.3.28i

On Sat, May 11, 2002 at 06:02:18PM -0700, Thomas Bushnell, BSG wrote:
> Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:
> > I think it is absolutely mandatory that we establish the PID in a
> > trustworthy way rather than let the user provide some unique ID on its own.
> > I think there is already a place in the Hurd where we should do that but
> > don't (wasn't that term's term_open_ctty?), and there are all sort of simple
> > attacks possible if we can't trust the PID (eg a monitor server might check
> > for stale advisory locks and kill processes that don't release them timely. 
> > In the untrusted model, a user could make this monitor process kill
> > arbitrary processes on the system).
> Nope; a malicious filesystem could just return bogus PID values too.

Mmh, we could restrict the monitor to trusted filesystems (eg /).
> I don't think this is a serious security issue, actually.  Such a
> monitor depends on an awful lot--it's not a strict Posix program
> already.

I am not really particularly attached to my example, it was just one of the
first that came to my mind.  Are you suggesting with "I don't think that
this is a serious security issue" that relying on a PID provided by the user
is good enough in the general case?  Or were you only relating this to my


`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org

reply via email to

[Prev in Thread] Current Thread [Next in Thread]