Subject: Re: Random PID's
To: David Maxwell <david@vex.net>
From: None <jchacon@genuity.net>
List: current-users
Date: 11/10/2000 09:43:25
The fact is, it buys you nothing. I can still attack against the pid because
the attacked program was never fixed. (it's not as if the pseudo-random code
isn't something someone can't analyze).

So what you end up with here is "I feel better, my system is more secure!"
when in reality it's no more secure than before for any reasonably bright
attacker. i.e. marketing fluff.

James

>
>On Mon, Nov 06, 2000 at 04:06:45PM -0400, Jared D. McNeill wrote:
>> On Mon, 6 Nov 2000, Jason R Thorpe wrote exactly what I was thinking
>>
>> > Just out of curiosity, what in particular did you like about it?
>> 
>> Which is why I didn't expect to get it committed; I'm running it on fairly
>> powerful hardware and I decided I'd share it with other people. I don't
>> have time to look through the source of every single program on my boxes.
>
>It definitely falls into the category of security through obscurity. If
>I know you're going to create files with a fixed /tmp/abc.$$ format, the
>random pids may make my life harder, but not impossible.
>
>I'd like to see these types of things in pkgsrc though - perhaps with
>attached commentary from Bugtraq discussions, or from our own gurus.
>
>Then someone can
>
>a) Have the feature
>b) Know why it's not in the base system
>c) Understand why it was done that way.
>
>-- 
>David Maxwell, david@vex.net|david@maxwell.net --> Although some of you out
>there might find a microwave oven controlled by a Unix system an attractive
>idea, controlling a microwave oven is easily accomplished with the smallest
>of microcontrollers. - Russ Hersch - (Microcontroller primer and FAQ)
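The point both posters make, that the fix belongs in the program creating /tmp/abc.$$ rather than in the PID generator, shown as an added C example (not code from this thread or from NetBSD); it assumes a writable /tmp and uses mkstemp(3) as the program-level fix:

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The /tmp/abc.$$ scheme: name derived from the PID, opened with O_CREAT
 * alone (what fopen "w" does), so a file already there is silently reused. */
static int open_pid_named(const char *dir, int pid, int excl) {
    char path[512];
    snprintf(path, sizeof path, "%s/abc.%d", dir, pid);
    int flags = O_WRONLY | O_CREAT | O_TRUNC | (excl ? O_EXCL : 0);
    return open(path, flags, 0600);
}

/* The program-level fix: mkstemp(3) picks an unguessable suffix and uses
 * O_CREAT|O_EXCL, so it fails rather than reuse a pre-existing file. */
static int open_mkstemp(const char *dir, char *path, size_t len) {
    snprintf(path, len, "%s/abc.XXXXXX", dir);
    return mkstemp(path);
}

/* Constructed scenario: a file already occupies the name the program will
 * derive from its own PID. Returns 1 when the O_CREAT-only open reuses it,
 * the O_EXCL open fails with EEXIST, and mkstemp lands on another name. */
int demo_planted_name(void) {
    char dir[] = "/tmp/pidtmp.XXXXXX";       /* private scratch directory */
    char planted[512], safe[512];
    int pid = (int)getpid(), result = 0;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(planted, sizeof planted, "%s/abc.%d", dir, pid);
    int p = open(planted, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (p >= 0) {
        close(p);
        int reused  = open_pid_named(dir, pid, 0);   /* succeeds: reused */
        int refused = open_pid_named(dir, pid, 1);   /* fails: EEXIST */
        int err = errno;
        int fresh = open_mkstemp(dir, safe, sizeof safe);
        result = reused >= 0 && refused < 0 && err == EEXIST &&
                 fresh >= 0 && strcmp(safe, planted) != 0;
        if (reused >= 0) close(reused);
        if (fresh >= 0) { close(fresh); unlink(safe); }
        unlink(planted);
    }
    rmdir(dir);
    return result;
}
```

Whether the PID is sequential or random changes only how the name is guessed; the O_EXCL check is what makes a pre-existing file a failure instead of a silent reuse.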