Process ids again
Process ids again
Posted Jun 9, 2025 12:14 UTC (Mon) by bluca (subscriber, #118303)In reply to: Process ids again by snajpa
Parent article: Slowing the flow of core-dump-related CVEs
It very much doesn't, so-much-so that relying on that combination for uniqueness caused several CVEs in the past. The start time is not granular enough, and attackers are able to cause a PID + start time clash at their leisure. This is why PIDFDs exist, and we use them when we need to uniquely identify processes for any security-relevant reason (and also more and more non-security-relevant too)
Posted Jun 9, 2025 20:10 UTC (Mon)
by snajpa (subscriber, #73467)
[Link] (3 responses)
Besides, how are you going to use pidfds in this specific case you are replying to? Much confidence in your reply, let's see if you can back that confidence up with something.
Posted Jun 9, 2025 20:26 UTC (Mon)
by bluca (subscriber, #118303)
[Link] (2 responses)
The combination of pidfd inode id plus boot uuid can uniquely identify a process across machines/reboots/everything, so it is suitable for that use case.
Posted Jun 10, 2025 16:11 UTC (Tue)
by snajpa (subscriber, #73467)
[Link] (1 responses)
Posted Jun 10, 2025 16:13 UTC (Tue)
by bluca (subscriber, #118303)
[Link]
Process ids again
Process ids again
Process ids again
Process ids again