[grsec] pid randomization problem - process won't execute and will return zero value

Brad Spengler spender at grsecurity.net
Tue Aug 16 18:10:47 EDT 2005


> With zero in /proc/sys/kernel/grsecurity/rand_pids the
> cycle doesn't break.

I'm able to duplicate the problem as well.  It is definitely a grsec 
bug.  The problem is that p->pid is set in kernel/fork.c much before it 
is inserted into the task list (which makes sense, since choosing the 
pid later on in the process would make fork bombs much more effective), 
but when we check to see if a pid is in use, we obviously can only check 
the ones that already exist in the task list, not those that have had 
their pids allocated but are waiting on some lock to be inserted into 
the task list.  This isn't a problem for the default Linux, because as 
it increments pids, it's impossible to have 65536 forks queued up so 
that a pending pid would be reused.  I've yet to implement the correct 
solution to the problem, but it will most likely involve a list of those 
pending processes, so that I can check them in addition to those already 
in the task list.

-Brad
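To see the race Brad describes in isolation, here is a toy model in C. It is an added example, not code from the grsecurity patch or from this thread. It assumes a tiny pid space (PID_MAX) and a deterministic LCG standing in for the kernel RNG so the run is reproducible, and it models the fix he sketches, a list of pending pids checked alongside the task list, as a hypothetical `pending` array. The naive allocator sees only the task list, so when several forks have chosen pids but none has been inserted yet, the same pid can be handed out twice; the pending-list allocator cannot.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of random pid allocation. PID_MAX is tiny on purpose so the
 * collision described in the post shows up immediately; a real kernel has
 * a far larger pid space and its own RNG. */
#define PID_MAX 64

/* Pids already inserted into the task list: the only state the buggy
 * in-use check can see. */
static bool in_task_list[PID_MAX];

/* Hypothetical pending list: pids chosen in fork() that are still waiting
 * on a lock before insertion. This models the fix sketched in the post. */
static bool pending[PID_MAX];

/* Deterministic LCG standing in for the kernel RNG (assumption made for
 * reproducibility; not the generator grsecurity uses). */
static unsigned int rng_state;

static unsigned int next_random(void)
{
    rng_state = rng_state * 1103515245u + 12345u;
    return (rng_state >> 16) & 0x7fffu;
}

static void reset_model(void)
{
    memset(in_task_list, 0, sizeof in_task_list);
    memset(pending, 0, sizeof pending);
    rng_state = 12345u;
}

/* Buggy allocator: a pid looks free as long as no inserted task owns it,
 * so a pid already handed to a not-yet-inserted child can be reused. */
static int alloc_pid_naive(void)
{
    for (;;) {
        int pid = 1 + (int)(next_random() % (PID_MAX - 1));
        if (!in_task_list[pid])
            return pid;
    }
}

/* Fixed allocator: also refuses pids that are pending insertion and
 * records the chosen pid as pending before returning it. */
static int alloc_pid_fixed(void)
{
    for (;;) {
        int pid = 1 + (int)(next_random() % (PID_MAX - 1));
        if (!in_task_list[pid] && !pending[pid]) {
            pending[pid] = true;
            return pid;
        }
    }
}

/* Insertion into the task list: in the kernel this happens some time
 * after the pid was chosen, which is the window the race lives in. */
static void insert_task(int pid)
{
    pending[pid] = false;
    in_task_list[pid] = true;
}

/* Simulate n forks whose pids are all chosen before any child is inserted
 * into the task list, then insert them all. Returns how many pids were
 * handed out more than once. With the pending list, n is capped at the
 * number of available pids so the allocator cannot spin forever. */
int count_duplicate_pids(int n, bool use_pending_list)
{
    int pids[PID_MAX * 2];
    int seen[PID_MAX] = {0};
    int dups = 0;

    if (n > PID_MAX * 2)
        n = PID_MAX * 2;
    if (use_pending_list && n > PID_MAX - 1)
        n = PID_MAX - 1;
    reset_model();

    for (int i = 0; i < n; i++) {
        int pid = use_pending_list ? alloc_pid_fixed() : alloc_pid_naive();
        pids[i] = pid;
        if (seen[pid]++)
            dups++;
    }
    for (int i = 0; i < n; i++)
        insert_task(pids[i]);
    return dups;
}

int main(void)
{
    printf("task-list check only, %d pending forks: %d duplicate pid(s)\n",
           PID_MAX, count_duplicate_pids(PID_MAX, false));
    printf("task list + pending list, %d pending forks: %d duplicate pid(s)\n",
           PID_MAX - 1, count_duplicate_pids(PID_MAX - 1, true));
    return 0;
}
```

With PID_MAX pending forks and only PID_MAX - 1 usable pids, the naive allocator is guaranteed a duplicate by the pigeonhole principle, which mirrors the post's point that the default sequential allocator never gets near this state while a random one with a lock-induced backlog can.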


More information about the grsecurity mailing list