> These software were using the child process PID + a Unix timestamp as
> seed.

Such patterns are the problem.  End of story, really.

> OpenBSD, as a security conscious OS, has already implemented a
> protection against such exploit (cool :) !), but I'm surprised by the
> technical choices made here (less cool :( ). The protection has been
> added in the revision 1.150 (mid-2013) of the file
> `src/sys/kern/kern_fork.c'. It adds an array of a fixed and hardcoded
> size of 100 entries storing the lastly freed PIDs (`pid_t
> oldpids[100];').

That is not a protection; actually more of a strategy to deal with
badly written code so that the ports guys don't lose their hair as

> I was wondering why this has never been implemented? At first
> glance, this seems to be the safe and best way to do it, isn't it?

The safe way is to avoid use of such deterministic non-random
functions, and for the good of the community go on attack against
the remaining places they are used.

deterministic(seed) is not random.
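
The following is an added example, not part of the original message and not OpenBSD code. It shows how few seeds the quoted PID + timestamp pattern can produce, and a kernel-sourced replacement. The pid limit of 99999, the one-hour window and all pid and timestamp values are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#define NOUT 4 /* outputs compared per candidate seed */

/* The pattern quoted above: seed = child PID + Unix timestamp. */
static unsigned weak_seed(long pid, long ts) { return (unsigned)(pid + ts); }

/* Everything the generator emits is a pure function of the seed. */
static void stream(unsigned seed, int out[NOUT]) {
    srand(seed);
    for (int i = 0; i < NOUT; i++) out[i] = rand();
}

static int same_stream(unsigned a, unsigned b) {
    int x[NOUT], y[NOUT];
    stream(a, x); stream(b, y);
    for (int i = 0; i < NOUT; i++) if (x[i] != y[i]) return 0;
    return 1;
}

/* Distinct seeds when pid is in 1..pid_max and the timestamp is known to
 * within `window` seconds: the sum collapses two inputs into one number. */
static long seed_space(long pid_max, long window) { return pid_max + window - 1; }

/* Audit check: walk that space upward from t0 and count the candidates
 * needed to regenerate target's stream. Returns 0 if it is not found. */
static long tries_to_reproduce(unsigned target, long t0, long pid_max, long window) {
    for (long i = 0; i < seed_space(pid_max, window); i++)
        if (same_stream((unsigned)(t0 + 1 + i), target)) return i + 1;
    return 0;
}

/* Replacement: take the value from the kernel, with no seed to guess. On
 * OpenBSD that is arc4random(); /dev/urandom is read here for portability. */
static int kernel_random_u32(unsigned *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

int main(void) {
    long t0 = 1700000000L; /* constructed start of the time window */
    unsigned r = 0, s = weak_seed(4242, t0 + 1234); /* constructed pid, time */
    printf("%ld candidate seeds, stream reproduced after %ld\n",
           seed_space(99999, 3600), tries_to_reproduce(s, t0, 99999, 3600));
    if (kernel_random_u32(&r) == 0) printf("kernel value: %u\n", r);
    return 0;
}
```

Under these assumptions the seed space is about 2^17 values, regardless of how many outputs the program later draws from the generator.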
