Re: Is randomizing UID/GUID would make sense?

2017-04-21 Thread Kevin Chadwick
On Fri, 21 Apr 2017 22:39:39 +1000 wrote: > Thanks for the start points, Christian and Philip. > I would have never thought about those use cases. > I'll definitely look into this further. I rewrote some code for key generation for particular memory

Re: Is randomizing UID/GUID would make sense?

2017-04-21 Thread bytevolcano
Thanks for the start points, Christian and Philip. I would have never thought about those use cases. I'll definitely look into this further. On Wed, 19 Apr 2017 13:31:08 + (UTC) Christian Weisgerber wrote: > On 2017-04-19, Philip Guenther wrote: > >

Re: Is randomizing UID/GUID would make sense?

2017-04-19 Thread Christian Weisgerber
On 2017-04-19, Philip Guenther wrote: > For a broader answer to the "why?", take a look at the patches under > /usr/ports/ which add uses of the *_deterministic() calls. For instance, take graphics/netpbm and look at its multitude of image manipulation tools that take a

Re: Is randomizing UID/GUID would make sense?

2017-04-18 Thread Philip Guenther
On Tue, Apr 18, 2017 at 10:12 PM, wrote: ... > Yes, it may be "standards mandated" in some cases (r1.39, bin/ksh/var.c) or > used by 60 pieces of software, but why would software require a PRNG to be > deterministic? > > That is my question, not "what apps and

Re: Is randomizing UID/GUID would make sense?

2017-04-18 Thread bytevolcano
An idiot whose question lacks clarity. My apologies. Of course software uses it. What I was trying to ask was *why* would software actually need a deterministic PRNG, rather than "what software uses it." In other words, what will break if the PRNG was non-deterministic? Yes, it may be "standards

Re: Is randomizing UID/GUID would make sense?

2017-04-17 Thread Theo de Raadt
> > Correct that it's not designed for that. But we looked into this a lot > > when introducing srand_deterministic(3). > > Are there any applications out there that explicitly require the PRNG > to be deterministic? It doesn't make sense to have that kind of thing > there for minute corner cases,

Re: Is randomizing UID/GUID would make sense?

2017-04-17 Thread bytevolcano
On Sun, 16 Apr 2017 12:01:48 + (UTC) Stuart Henderson wrote: > On 2017-04-15, > wrote: > > OpenBSD still randomizes PIDs, but I don't see the point these days: > >

Re: Is randomizing UID/GUID would make sense?

2017-04-16 Thread Stuart Henderson
On 2017-04-15, wrote: > OpenBSD still randomizes PIDs, but I don't see the point these days: > https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961 'Protect against PID prediction vulnerabilities

Re: Is randomizing UID/GUID would make sense?

2017-04-16 Thread bytevolcano
On Sat, 15 Apr 2017 23:16:18 -0600 "Theo de Raadt" wrote: > > Responding to multiple messages: > > > > On Fri, 20 Jan 2017 08:43:46 +0100 > > "minek van" wrote: > > > I can see that the default users and when creating new ones have > > > their UID/GUID

Re: Is randomizing UID/GUID would make sense?

2017-04-15 Thread Theo de Raadt
> Responding to multiple messages: > > On Fri, 20 Jan 2017 08:43:46 +0100 > "minek van" wrote: > > I can see that the default users and when creating new ones have > > their UID/GUID incremented by 1. > > > > Could it bring more security if the UIDs/GUIDs would be random? >

Re: Is randomizing UID/GUID would make sense?

2017-04-15 Thread bytevolcano
Responding to multiple messages: On Fri, 20 Jan 2017 08:43:46 +0100 "minek van" wrote: > I can see that the default users and when creating new ones have > their UID/GUID incremented by 1. > > Could it bring more security if the UIDs/GUIDs would be random? On Mon, 23 Jan

Re: Is randomizing UID/GUID would make sense?

2017-01-23 Thread andrew fabbro
On Mon, Jan 23, 2017 at 11:00 AM, Martin Schröder wrote: > And what if my UID/GUIDs are random on every host and server? Would > nfs handle that? > Sure. Why not? But then, I'm only talking about UID/GID selection. I'm assuming that jsmith is UID 2000 on every system,

Re: Is randomizing UID/GUID would make sense?

2017-01-23 Thread Martin Schröder
2017-01-23 15:37 GMT+01:00 andrew fabbro : > On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder wrote: >> 2017-01-20 8:43 GMT+01:00 minek van : >> > Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it >> > only do pain? >>

Re: Is randomizing UID/GUID would make sense?

2017-01-23 Thread andrew fabbro
On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder wrote: > 2017-01-20 8:43 GMT+01:00 minek van : > > Could it bring more security if the UIDs/GUIDs would be random? > > Why? What's the attack you want to defend against? > I suppose there's some information

Re: Is randomizing UID/GUID would make sense?

2017-01-20 Thread Martin Schröder
2017-01-20 8:43 GMT+01:00 minek van :
> Could it bring more security if the UIDs/GUIDs would be random?

Why? What's the attack you want to defend against?

> Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it only
> do pain?

Yes.

Is randomizing UID/GUID would make sense?

2017-01-19 Thread minek van
Hello! I can see that the default users and when creating new ones have their UID/GUID incremented by 1. Could it bring more security if the UIDs/GUIDs would be random? Or it wouldn't bring any additional security? Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it