Subject: Re: Random PID's
To: None <jchacon@genuity.net>
From: David Brownlee <abs@netbsd.org>
List: current-users
Date: 11/10/2000 15:16:35
	Maybe we should have a note in the FAQ as to why we don't
	have the feature - anyone care to write up all the reasons?

                David/absolute
			       -- www.netbsd.org: A pmap for every occasion --


On Fri, 10 Nov 2000 jchacon@genuity.net wrote:

> The fact is, it buys you nothing. I can still attack against the pid because
> the attacked program was never fixed. (it's not as if the pseudo-random code
> isn't something someone can't analyze).
>
> So what you end up with here is "I feel better, my system is more secure!"
> when in reality it's no more secure than before for any reasonably bright
> attacker. i.e. marketing fluff.
>
> James
>
> >
> >On Mon, Nov 06, 2000 at 04:06:45PM -0400, Jared D. McNeill wrote:
> >> On Mon, 6 Nov 2000, Jason R Thorpe wrote exactly what I was thinking
> >>
> >> > Just out of curiosity, what in particular did you like about it?
> >>
> >> Which is why I didn't expect to get it committed; I'm running it on fairly
> >> powerful hardware and I decided I'd share it with other people. I don't
> >> have time to look through the source of every single program on my boxes.
> >
> >It definitely falls into the category of security through obscurity. If
> >I know you're going to create files with a fixed /tmp/abc.$$ format, the
> >random pids may make my life harder, but not impossible.
> >
> >I'd like to see these types of things in pkgsrc though - perhaps with
> >attached commentary from Bugtraq discussions, or from our own gurus.
> >
> >Then someone can
> >
> >a) Have the feature
> >b) Know why it's not in the base system
> >c) Understand why it was done that way.
> >
> >--
> >David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
> >there might find a microwave oven controlled by a Unix system an attractive
> >idea, controlling a microwave oven is easily accomplished with the smallest
> >of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)
> >
> >
> >
> >
> >
>
>
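
The thread's argument is that the fix belongs in the program that creates `/tmp/abc.$$`, not in how pids are allocated. The C sketch below is an added example, not code from the original messages or from NetBSD, and puts the pid-named open beside two fixed forms. The function names and the demo directory name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern from the thread: name built from the pid, opened without
 * O_EXCL. If the name already exists (for example as a symlink), open()
 * follows it, no matter how the pid was chosen. */
int open_tmp_pidname(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/abc.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Same name, fixed program: O_CREAT|O_EXCL creates atomically and fails
 * with EEXIST if anything, even a dangling symlink, is already there. */
int open_tmp_pidname_excl(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/abc.%ld", dir, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() chooses the name and creates it exclusively,
 * owner-only, so the caller never opens a name someone else made. */
int open_tmp_mkstemp(const char *dir, char *path, size_t len)
{
    snprintf(path, len, "%s/abc.XXXXXX", dir);
    return mkstemp(path);
}

/* Constructed demo in a private directory: the second exclusive create of
 * the same pid-derived name is refused instead of reusing the file. */
int main(void)
{
    char dir[] = "/tmp/pidtmp-demo.XXXXXX", path[256];
    if (mkdtemp(dir) == NULL) { perror("mkdtemp"); return 1; }
    int fd = open_tmp_pidname_excl(dir, path, sizeof path);
    if (fd < 0) { perror("first create"); return 1; }
    if (open_tmp_pidname_excl(dir, path, sizeof path) == -1 && errno == EEXIST)
        printf("%s already exists: refused\n", path);
    close(fd); unlink(path); rmdir(dir);
    return 0;
}
```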