kern.randompid sysctl value

Jordi Espasa Clofent jespasac at minibofh.org
Tue Feb 2 11:25:32 UTC 2010


HI,

1. ¿What's the real value (in terms of security) of the random PIDs feature?

According to this book

http://books.google.es/books?id=gqKwaHmXp4YC&pg=PA50&lpg=PA50&dq=random+pids+security&source=bl&ots=jimAeOQK2Q&sig=WrsBiMAxU-lUCM3pdCjtIYfmiIo&hl=es&ei=OwVoS4nwGMeOjAek5ZCvCQ&sa=X&oi=book_result&ct=result&resnum=9&ved=0CCsQ6AEwCA#v=onepage&q=random%20pids%20security&f=false

I understand that the random PIDs wil be a good security measure against 
some exploits (books says "race conditions"). OpenBSD folks (focused on 
security) have the random PIDs by defaul, so

¿why Freebsd don't use it by default?

2. ¿What will be a real secure value for sysctl parameter? I mean 
'kern.randompid' isn't a boolean, but a large number which determines 
the numeric range to generate de random PIDs. ¿1000, 10000, 100000?

Thanks in advance for aclarations.

PD. I've real this old post 
http://marc.info/?l=freebsd-security&m=99495048923300&w=2. Interesting.

-- 
I must not fear. Fear is the mind-killer. Fear is the little-death that 
brings total obliteration. I will face my fear. I will permit it to pass 
over me and through me. And when it has gone past I will turn the inner 
eye to see its path. Where the fear has gone there will be nothing. Only 
I will remain.

Bene Gesserit Litany Against Fear.


More information about the freebsd-security mailing list