Marcus Brinkmann <[EMAIL PROTECTED]> writes:

> I think it is absolutely mandatory that we establish the PID in a
> trustworthy way rather than let the user provide some unique ID on its own.
> I think there is already a place in the Hurd where we should do that but
> don't (wasn't that term's term_open_ctty?), and there are all sorts of simple
> attacks possible if we can't trust the PID (e.g. a monitor server might check
> for stale advisory locks and kill processes that don't release them timely.
> In the untrusted model, a user could make this monitor process kill
> arbitrary processes on the system).

Nope; a malicious filesystem could just return bogus PID values too. I don't think this is a serious security issue, actually. Such a monitor depends on an awful lot--it's not a strict Posix program already.

Thomas

_______________________________________________
Bug-hurd mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/bug-hurd