[svlug] Reuse of pid's.

Mike Castle dalgoda at gmail.com
Wed Jan 21 12:03:13 PST 2009


On Wed, Jan 21, 2009 at 11:20 AM, Don Marti <dmarti at zgp.org> wrote:
> Not really, since you don't know what pid the kernel
> will give the next process it creates.  Realistically,

I believe that OpenBSD, for example, will randomly allocate pids.  I
wouldn't be surprised if someone would port such an allocation to the
Linux kernel for personal use (if for no other reasons, than just to
break stuff).

On our of our servers at work, we cycle PIDs every 5 minutes or so.

What if, after your first scan, you save off the start time of the
process and compare that on the next scan?  If it's the same, it's
likely the same process.  If you want to be exceptionally paranoid, if
that start time is >= time of your first scan, you can just punt.

There may be other things that you could test as well for uniqueness:
PPID, uid, etc.  Though be aware that some of those can change out
from under you.  Poking around in /proc, there seem to be a few files
I'm too lazy to look up that might have other identifying information
in them.  I imagine that any important one would already be wrapped in
whatever library you're using (libproc?)

mrc




More information about the svlug mailing list