[grsec] pid randomization problem - process won't execute and will return zero value
Brad Spengler
spender at grsecurity.net
Tue Aug 16 18:10:47 EDT 2005
> With zero in /proc/sys/kernel/grsecurity/rand_pids the
> cycle doesn't break.
I'm able to duplicate the problem as well. It is definitely a grsec
bug. The problem is that p->pid is set in kernel/fork.c much before it
is inserted into the task list (which makes sense, since choosing the
pid later on in the process would make fork bombs much more effective),
but when we check to see if a pid is in use, we obviously can only check
the ones that already exist in the task list, not those that have had
their pids allocated but are waiting on some lock to be inserted into
the task list. This isn't a problem for the default Linux, because as
it increments pids, it's impossible to have 65536 forks queued up so
that a pending pid would be reused. I've yet to implement the correct
solution to the problem, but it will most likely involve a list of those
pending processes, so that I can check them in addition to those already
in the task list.
-Brad
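The race described in the message above, as an added illustration that is not part of the post or of grsecurity's code: a userland C model in which a number of tasks have all had p->pid set in fork() but none has yet been inserted into the task list. The sequential allocator only hands out a pending pid again once the counter has wrapped, so it needs the whole pid space queued up; the randomized allocator that checks the task list alone can repeat a pending pid straight away; adding the pending list to the check closes the hole. The pid table, its two bitmaps, the xorshift32 generator and the linear-scan fallback after a few random misses are all assumptions of this model, not the grsec implementation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the bookkeeping in the race: a bitmap of pids whose
 * task is in the task list, and the "pending" bitmap the post proposes for
 * pids allocated in fork() but not yet inserted. nr_pids is a parameter so
 * the collision can be forced with a handful of forks. */
typedef struct {
    int      nr_pids;       /* usable pids are 1 .. nr_pids-1, 0 is reserved */
    bool    *in_task_list;  /* pid belongs to a task in the task list */
    bool    *pending;       /* pid allocated, task not yet in the task list */
    int      last_pid;      /* sequential allocator state */
    uint32_t rng;           /* xorshift32 state, must never be 0 */
} pid_table;

enum allocator { ALLOC_SEQUENTIAL, ALLOC_RANDOM_BUGGY, ALLOC_RANDOM_FIXED };

static uint32_t xorshift32(uint32_t *s)   /* deterministic PRNG for the model */
{
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

/* Default Linux style: next pid after last_pid, skipping ones in the task
 * list. A pending pid can only be reused once the counter wraps, i.e. with
 * the whole pid space queued up inside fork(). */
static int alloc_pid_sequential(pid_table *t)
{
    for (int tries = 0; tries < t->nr_pids; tries++) {
        if (++t->last_pid >= t->nr_pids)
            t->last_pid = 1;
        if (!t->in_task_list[t->last_pid])
            return t->last_pid;
    }
    return -1;
}

/* Randomized pids. check_pending == false is the behaviour described in the
 * post: only pids already in the task list are rejected. The linear scan
 * after 32 misses is an assumption of this model so that a free pid is
 * always found when one exists and -1 really means "exhausted". */
static int alloc_pid_random(pid_table *t, bool check_pending)
{
    for (int tries = 0; tries < 32; tries++) {
        int pid = 1 + (int)(xorshift32(&t->rng) % (uint32_t)(t->nr_pids - 1));
        if (!t->in_task_list[pid] && !(check_pending && t->pending[pid]))
            return pid;
    }
    for (int pid = 1; pid < t->nr_pids; pid++)
        if (!t->in_task_list[pid] && !(check_pending && t->pending[pid]))
            return pid;
    return -1;
}

/* nr_forks tasks have all had p->pid set, none is in the task list yet (all
 * waiting on the same lock). Count pids handed out twice and forks refused. */
static void simulate_pending_forks(enum allocator which, int nr_pids,
                                   int nr_forks, int *dups, int *refused)
{
    pid_table t = { nr_pids, calloc((size_t)nr_pids, sizeof(bool)),
                    calloc((size_t)nr_pids, sizeof(bool)), 0, 0x9E3779B9u };
    int *seen = calloc((size_t)nr_pids, sizeof *seen);

    *dups = *refused = 0;
    for (int i = 0; i < nr_forks; i++) {
        int pid = which == ALLOC_SEQUENTIAL   ? alloc_pid_sequential(&t)
                : which == ALLOC_RANDOM_BUGGY ? alloc_pid_random(&t, false)
                :                               alloc_pid_random(&t, true);
        if (pid < 0) { (*refused)++; continue; }
        if (seen[pid]++)            /* a second task received this pid */
            (*dups)++;
        t.pending[pid] = true;      /* allocated, still not inserted */
    }
    free(seen); free(t.in_task_list); free(t.pending);
}

static int count_duplicate_pids(enum allocator w, int nr_pids, int nr_forks)
{ int d, r; simulate_pending_forks(w, nr_pids, nr_forks, &d, &r); return d; }

static int count_refused_forks(enum allocator w, int nr_pids, int nr_forks)
{ int d, r; simulate_pending_forks(w, nr_pids, nr_forks, &d, &r); return r; }

int main(void)
{
    /* 16-bit pid space, 5000 forks stuck between allocation and insertion */
    printf("sequential:             %d duplicate pids\n",
           count_duplicate_pids(ALLOC_SEQUENTIAL, 65536, 5000));
    printf("random, task list only: %d duplicate pids\n",
           count_duplicate_pids(ALLOC_RANDOM_BUGGY, 65536, 5000));
    printf("random + pending list:  %d duplicate pids, %d forks refused\n",
           count_duplicate_pids(ALLOC_RANDOM_FIXED, 65536, 5000),
           count_refused_forks(ALLOC_RANDOM_FIXED, 65536, 5000));
    return 0;
}
```

With a pid space of 16 and 16 queued forks the outcome does not depend on the generator at all: the sequential allocator only repeats a pid on the 16th fork, the task-list-only random allocator must repeat one by the pigeonhole principle, and the version that also consults the pending list hands out 15 distinct pids and refuses the 16th fork instead of duplicating.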