On Mon, Jan 11, 2021 at 08:22:08AM +0000, Eric Wong wrote:
> Derek Martin <[email protected]> wrote:
> Well, mistakes happen... How we deal with them moving forward
> is important, though.

I certainly agree with that.

> Fwiw, I concur the PID in Message-IDs was a bad idea since it
> does unnecessarily leak information about system usage. I'm no
> security expert

By your own admission, this is a naive (uninformed) opinion. No one has been able to demonstrate that the PID is in any way sensitive in this context, and no one ever will, because it isn't.

> though I seem to remember kernel patches that would randomize PID
> allocation in Linux.

The only way a PID could be sensitive is if it is used to generate a piece of information that is sensitive in a security context, e.g. a cookie, or a temporary file name. This is the purpose for the PID randomization patch. The bad news is, if it WERE sensitive, you'd be pretty screwed, because most systems only allow 32k of them, which would make it extremely easy to brute-force attack. As it turns out, this is very likely an extremely bad solution to those types of problems:

https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security

But it doesn't matter--this is just so much a non-issue for message IDs. We shouldn't be mucking with this.

-- 
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
