On Fri, 10 Nov 2000, Jared D. McNeill wrote:

# Date: Fri, 10 Nov 2000 16:40:13 -0400 (AST)
# From: Jared D. McNeill <jmcneill@invisible.yi.org>
# To: jchacon@genuity.net
# Cc: David Brownlee <abs@netbsd.org>, David Maxwell <david@vex.net>,
#      Jason R Thorpe <thorpej@zembu.com>, current-users@netbsd.org
# Subject: Re: Random PID'
# 
# On Fri, 10 Nov 2000 jchacon@genuity.net wrote:
# > I can usually do the same attack with hard links.
# 
# Ok, then both sym and hard links..

Shaded,

What planet are you on this week? :-)

You CAN'T disable hard links because that would effectively deny
you the ability to create files or directories!

But I haven't read the whole discussion just yet, so I can't be sure
someone else hasn't already brought this up.

But while I'm here, some other notes:

1.  Disabling ps is not going to win either, since someone can just do
    a fork() and get a random PID and figure out what's happening next.

2.  You'd also have to deny read access to /proc.

3.  If you're really concerned about security on a system, you don't
    let random users log on to it in the first place.  That's what
    workstations are for.  If you have a public access server, you
    don't keep sensitive data on it if at all possible (is this
    practical?)

In short, the pid problem is something which is, in reality, a non-
issue, and there is always a trade between security and utility.

# Jared

				--*greywolf;
--
*BSD: the Berkeley redemption.