Subject: Re: rpc xid randomness
To: Jun-ichiro itojun Hagino <>
From: Frank van der Linden <>
List: tech-security
Date: 09/09/2003 00:49:41
Ok, a few points..

Your changes make the *initial* XID random. The initial XID is set when
an RPC connection is set up. The rest of the XIDs is generated by
decrementing the initial XID.

If that avoids duplication, it's fine with me, since the additional
slow code is only used when setting up the connection; it's a one-time
overhead that you won't really see in a benchmark such as lat_rpc
or spray(8).

However, if you mean to randomize *every* XID, this algorithm is
way too expensive.

- Frank

Frank van der Linden                                  
NetBSD. Free, Unix-like OS. > 45 different platforms.