Re: [Exim] How unique are exim queue msg IDs?

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Philip Hazel
日付:  
To: Chris Thompson
CC: exim-users
題目: Re: [Exim] How unique are exim queue msg IDs?
On Mon, 6 Nov 2000, Chris Thompson wrote:

> (b) is not as safe as it sounds, in the case of a deliberate attack. Most
> Unix systems allocate new pids on the basis of a pointer that is certainly
> likely to take a lot longer a second to complete a cycle. But there's
> nothing to ensure that Exim's pid is a particularly *new* pid:
>
>    sleep (until pid pointer has almost cycled) && exec exim -options


But how likely is is that that sleep will be less than one second? I
assume the chance is effectively zero. Or are you thinking of this kind
of attack:

    exim -options to submit a message
    until pid pointer has almost cycled, fork processes that just exit
      immediately
    exim -options to submit another message


What is the chance of all that happening within one second? If it did, 
then Exim would generate the same message ID. If the previous message 
had not yet been delivered, the new message would not be accepted 
because the attempt to create a new spool file would fail.      


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.