Re: [Exim] How unique are exim queue msg IDs?

Author: Chris Thompson
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] How unique are exim queue msg IDs?
Philip Hazel writes:
>
> On Mon, 6 Nov 2000, Chris Thompson wrote:
>
> > (b) is not as safe as it sounds, in the case of a deliberate attack. Most
> > Unix systems allocate new pids on the basis of a pointer that is certainly
> > likely to take a lot longer than a second to complete a cycle. But there's
> > nothing to ensure that Exim's pid is a particularly *new* pid:
> >
> >    sleep (until pid pointer has almost cycled) && exec exim -options

>
> But how likely is it that that sleep will be less than one second? I
> assume the chance is effectively zero.


You miss the point: the pid of the exim process *is* the pid of the process
that did the sleeping. That's why I wrote "exec"!

I should be more explicit. Suppose that the pid pointer reliably cycles every
20 minutes (real life would be more complicated, of course). Then I run the
script

#!/bin/sh
sleep 1199
exec exim -t </some/file/containing/a/message

and if that exim completes within a second, then there's a definite chance
that the pid just freed will get reused for another exim process almost
immediately, as it is the pid that was allocated to the /bin/sh process
20 minutes earlier.

Chris Thompson
Email: cet1 [at] cam.ac.uk
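
The pid reuse described in this message, as an added model that is not part of the original post and is not Exim code. It assumes an id made of (second, pid), a sequential pid pointer with a 1200-second cycle, and, as one possible mitigation, a process that keeps its pid until the clock second has changed; PidTable and simulate are hypothetical names.

```python
# Constructed model, not Exim code. Assumptions: an id is (second, pid); pids
# come from a sequential pointer that wraps and skips pids still in use; one
# short-lived process starts per second, so the pointer cycles in 20 minutes.
PID_MAX = 1200


class PidTable:
    def __init__(self, pid_max):
        self.pid_max = pid_max
        self.next = 1
        self.in_use = set()

    def alloc(self):
        # Advance the pointer to the next free pid, wrapping at pid_max.
        for _ in range(self.pid_max):
            pid = self.next
            self.next = pid % self.pid_max + 1
            if pid not in self.in_use:
                self.in_use.add(pid)
                return pid
        raise RuntimeError("pid table full")

    def free(self, pid):
        self.in_use.discard(pid)


def simulate(hold_pid_until_tick):
    """Return the (second, pid) ids issued by two successive mail processes."""
    table = PidTable(PID_MAX)
    script_pid = table.alloc()            # t=0: /bin/sh starts and sleeps
    for _ in range(1, PID_MAX):           # t=1..1199: unrelated processes
        table.free(table.alloc())         # each takes the next pid and exits
    now = PID_MAX - 1                     # sleep ends; exec keeps script_pid
    ids = [(now, script_pid)]             # first message id
    if hold_pid_until_tick:
        now += 1                          # process exits only after the tick
    table.free(script_pid)
    ids.append((now, table.alloc()))      # next mail process, next free pid
    return ids


if __name__ == "__main__":
    for hold in (False, True):
        ids = simulate(hold)
        print(f"hold={hold}: {ids} unique={len(set(ids)) == len(ids)}")
```

In this model the collision depends only on the old pid being released within the same second in which it issued an id, which is why holding the pid across the tick removes it.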