Re: kern.randompid: jot generation senseful?
On Tuesday 09 May 2006 17:13, Frank Steinborn wrote:
> Nikos Vassiliadis wrote:
> > Isn't kern.randompid a boolean? TRUE or FALSE?
>
> No.
>
> > It is just on or off. 1 means PIDs are random.
> > 0 means PIDs are sequential. to be exact, everything
> > not being 0, is TRUE.
>
> That is not true. Peter Pentchev once wrote:
>
> "The kern.randompid sysctl is not a boolean flag, but an estimate of
> the random value that will be added to each newly created pid. For
> more information, read the comments in src/sys/kern/kern_fork.c before
> the sysctl_kern_randompid() function (around line 150). The function
> itself ignores sysctl settings of less than 2."
>

Excuse my ignorance. It was an unlucky guess...

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: kern.randompid: jot generation senseful?
On Tue, 9 May 2006 16:13:18 +0200 Frank Steinborn <[EMAIL PROTECTED]> wrote:
> Nikos Vassiliadis wrote:
> > Isn't kern.randompid a boolean? TRUE or FALSE?
>
> No.
>
> > It is just on or off. 1 means PIDs are random.
> > 0 means PIDs are sequential. to be exact, everything
> > not being 0, is TRUE.
>
> That is not true. Peter Pentchev once wrote:
>
> "The kern.randompid sysctl is not a boolean flag, but an estimate of
> the random value that will be added to each newly created pid. For
> more information, read the comments in src/sys/kern/kern_fork.c before
> the sysctl_kern_randompid() function (around line 150). The function
> itself ignores sysctl settings of less than 2."

Yes, but constantly changing the setting is unneeded. Simply set it to
something large, like 1, and a random number between 2 and 1 will be
added to the pid of each new child.

--
Bill Moran
Collaborative Fusion Inc.
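
The behaviour described in the message above and in the quoted Pentchev note, as an added example that is not part of the thread and is not FreeBSD source: a small C model showing that a fixed setting already gives every fork its own random pid step, so re-drawing the setting from cron only varies the upper bound. The function names, the xorshift generator, the step rule `1 + random % setting` and the cap of 2000 are assumptions of this model.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel source. xorshift32 stands in for the
 * kernel's random source so runs are repeatable. */
static uint32_t next_rand(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Per the quoted description: settings below 2 are ignored (off).
 * Any other range handling in the kernel is not modeled. */
static int effective_randompid(int setting) {
    return setting < 2 ? 0 : setting;
}

/* Assumed allocation rule: next pid = last pid + 1 + (random % bound). */
static int pid_step(int bound, uint32_t *s) {
    return 1 + (bound ? (int)(next_rand(s) % (uint32_t)bound) : 0);
}

/* Simulate forks: report min/max pid step, return distinct step count.
 * reroll_every > 0 redraws the setting from [500, 2000] that often, like
 * the proposed cron job. This model caps settings at 2000. */
static int simulate(int setting, int forks, int reroll_every,
                    int *min, int *max) {
    unsigned char seen[2001] = {0};
    uint32_t s = 0x2006u;            /* fixed seed, constructed */
    int distinct = 0;
    *min = 2001; *max = 0;
    for (int i = 0; i < forks; i++) {
        if (reroll_every > 0 && i % reroll_every == 0)
            setting = 500 + (int)(next_rand(&s) % 1501u);
        if (setting > 2000) setting = 2000;
        int step = pid_step(effective_randompid(setting), &s);
        if (step < *min) *min = step;
        if (step > *max) *max = step;
        if (!seen[step]) { seen[step] = 1; distinct++; }
    }
    return distinct;
}

int main(void) {
    int lo, hi, n = simulate(2000, 10000, 0, &lo, &hi);
    printf("fixed 2000: steps %d..%d, %d distinct\n", lo, hi, n);
    n = simulate(0, 10000, 100, &lo, &hi);
    printf("re-rolled:  steps %d..%d, %d distinct\n", lo, hi, n);
    return 0;
}
```

In this model a setting of 1 behaves exactly like 0 (every step is 1), and the re-rolled run never produces a step that the fixed setting of 2000 could not.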
Re: kern.randompid: jot generation senseful?
On Tue, May 09, 2006 at 02:20:25PM +0200, [EMAIL PROTECTED]@mgEDV.net wrote:
> [asked on -security before, but no answer, maybe here's more traffic ;-)]
>
> hi,
>
> is a random pid generation really a security enhancement?

Yes, but a fairly minor one.

>
> if yes, would it make sense to setup something like:
> --> sysctl kern.randompid=`jot -r 1 500 2000`
> in cron to be executed every X mins/hrs?

No, that would not make any sense. What would you be expecting to achieve
by that?

>
> and finally, what are the recommended minimum (security)
> and maximum (performance) values for kern.randompid?

--
Erik Trulsson
[EMAIL PROTECTED]
Re: kern.randompid: jot generation senseful?
Nikos Vassiliadis wrote:
> Isn't kern.randompid a boolean? TRUE or FALSE?

No.

> It is just on or off. 1 means PIDs are random.
> 0 means PIDs are sequential. to be exact, everything
> not being 0, is TRUE.

That is not true. Peter Pentchev once wrote:

"The kern.randompid sysctl is not a boolean flag, but an estimate of
the random value that will be added to each newly created pid. For
more information, read the comments in src/sys/kern/kern_fork.c before
the sysctl_kern_randompid() function (around line 150). The function
itself ignores sysctl settings of less than 2."

Frank
Re: kern.randompid: jot generation senseful?
On Tuesday 09 May 2006 15:20, [EMAIL PROTECTED]@mgEDV.net wrote:
> [asked on -security before, but no answer, maybe here's more traffic ;-)]
>
> hi,
>
> is a random pid generation really a security enhancement?
>
> if yes, would it make sense to setup something like:
> --> sysctl kern.randompid=`jot -r 1 500 2000`
> in cron to be executed every X mins/hrs?

Isn't kern.randompid a boolean? TRUE or FALSE?

>
> and finally, what are the recommended minimum (security)
> and maximum (performance) values for kern.randompid?

It is just on or off. 1 means PIDs are random.
0 means PIDs are sequential. to be exact, everything
not being 0, is TRUE.
Re: kern.randompid: jot generation senseful?
On 5/9/06, [EMAIL PROTECTED]@mgEDV.net <[EMAIL PROTECTED]> wrote:
> [asked on -security before, but no answer, maybe here's more traffic ;-)]
>
> hi,
>
> is a random pid generation really a security enhancement?
>
> if yes, would it make sense to setup something like:
> --> sysctl kern.randompid=`jot -r 1 500 2000`
> in cron to be executed every X mins/hrs?
>
> and finally, what are the recommended minimum (security)
> and maximum (performance) values for kern.randompid?

You can't change it once the system is running me thinks, so you'd run it
at boot and that'd be that...