On Sun, Feb 05, 2017 at 10:26:35AM -0800, Paul Eggert wrote:
> Pádraig Brady wrote:
> > In general this is a largely theoretical race right?
> > I.E. pids would need to be recycled between the waitpid() and exit()?
>
> Not that theoretical, in the common case of systems with wraparound PIDs
> and a small PID space. All you need is a long-running child on a busy
> system.
Yes, normally it is small enough to overflow in less than a minute if an attacker runs fork() kill() in a loop.

I have updated the patch so it passes the test. As I don't have enough experience in portable #ifdef's for all supported systems, I hope you can adjust the patch as needed.

Tobias
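The race discussed above is that a PID is only guaranteed to belong to our child until waitpid() has reaped it; after that the kernel may hand the same number to an unrelated process, so a later kill() could hit the wrong target. The following is an added illustration of the safe ordering (signal first, reap second, and never signal a PID that has already been reaped); it is not the patch from this thread nor coreutils code, and the `struct child`, `spawn_sleeper`, `terminate_child` and `demo` names are hypothetical.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical bookkeeping for one child process (added example, not
 * coreutils code).  The `reaped` flag records that waitpid() has already
 * collected the child, after which its PID may be reused by the kernel. */
struct child {
    pid_t pid;
    int reaped;   /* 1 once waitpid() has collected the child */
    int status;   /* wait status from waitpid(); valid when reaped == 1 */
};

/* Fork a child that just sleeps until it is signalled.  Returns 0 on
 * success, -1 if fork() fails. */
static int spawn_sleeper(struct child *c)
{
    pid_t p = fork();
    if (p < 0)
        return -1;
    if (p == 0) {
        for (;;)
            pause();          /* default SIGTERM action terminates us */
    }
    c->pid = p;
    c->reaped = 0;
    c->status = 0;
    return 0;
}

/* Safe termination order: send the signal FIRST, while the child is still
 * ours (unreaped, so at worst a zombie whose PID cannot be recycled), and
 * only then reap it.  Refuses to signal a PID that was already reaped,
 * because that number may now belong to an unrelated process. */
static int terminate_child(struct child *c, int sig)
{
    if (c->reaped) {
        errno = ESRCH;
        return -1;
    }
    if (kill(c->pid, sig) != 0)
        return -1;
    if (waitpid(c->pid, &c->status, 0) != c->pid)
        return -1;
    c->reaped = 1;
    return 0;
}

/* Returns the signal that terminated the child, or -1 if it has not been
 * reaped or did not die from a signal. */
static int child_term_signal(const struct child *c)
{
    if (!c->reaped || !WIFSIGNALED(c->status))
        return -1;
    return WTERMSIG(c->status);
}

/* Demonstration: terminate one child correctly, then show that a second
 * attempt after reaping is rejected instead of signalling a possibly
 * recycled PID.  Returns 0 when both behaviours are as expected. */
static int demo(void)
{
    struct child c;
    if (spawn_sleeper(&c) != 0)
        return -1;
    if (terminate_child(&c, SIGTERM) != 0)
        return -1;
    if (child_term_signal(&c) != SIGTERM)
        return -1;
    if (terminate_child(&c, SIGTERM) == 0)   /* must be refused */
        return -1;
    return errno == ESRCH ? 0 : -1;
}

int main(void)
{
    printf("%s\n", demo() == 0 ? "ok" : "failed");
    return 0;
}
```

The point of the `reaped` flag is that the decision "is this PID still mine?" is made from our own state, not from the kernel's PID table; once waitpid() has returned, no later lookup on the PID can distinguish our former child from a newcomer that inherited the number.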
