Solved How to disable random PID?

During installation, I chose to randomize PIDs for security. Now I've found that the PID is randomized every time, so I can't kill some process by its PID.
How to disable random PID?
 
Check your sysctl:

kern.pid_max: 99999
kern.randompid: 0
$ sysctl kern.pid_max
kern.pid_max: 99999
$ sysctl kern.randompid
kern.randompid: 822


Then how do I disable random PID?

Tried

# sysctl kern.randompid=0

after reboot

$ sysctl kern.randompid
kern.randompid: 405

It does not work.
 
now found that PID is randomized every time, so I can't kill some process by its pid.
Sounds to me like you expect some process to always get the same PID if you don't randomize PIDs. That's a flawed assumption. Just add or remove a service from boot process, or have one that fork()s based on some external state, and you'll get different PIDs.

A daemon will write a pidfile (typically in /var/run) or provide an option to do that. Use that file. If your process isn't a daemon, you can use some wrapping to write this file yourself, or you can (less preferable) identify your process by name (e.g. with pgrep(1)).

Don't disable randomized PIDs just for THAT reason; it makes PID guessing impossible for attackers. Of course, there are reasons not to enable randomized PIDs, as they increase the chance of PID reuse on the other hand ... but in neither case can you rely on a process always having the same PID.
 
My mistake: the PID of lldb always changes when I run ps aux | grep lldb; the resulting PID is actually the PID of ps. Random PID is OK.
Thanks
 
My mistake: the PID of lldb always changes when I run ps aux | grep lldb; the resulting PID is actually the PID of ps
It's not (the grep(1) would have filtered it out). You may be looking at the PID of grep(1) itself though. Which is why you often see constructs like ps -aux | grep <someproc> | grep -v grep. But the better solution is to use pgrep(1) instead. The best solution is to use the PID file of the process (daemons typically create these), kill $(cat /var/run/<daemon>).
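
Added example, not part of any post in this thread: a POSIX sh helper for the pidfile approach recommended above. It sends a signal only after confirming that the PID stored in the file is still alive and still belongs to the expected command, which covers the PID reuse case mentioned earlier. The function names, return codes and the /proc fallback are assumptions made for this illustration, and the caller is assumed to have permission to signal the process.

```shell
#!/bin/sh
# Added example: signal a process through its pidfile, but only after
# confirming the recorded PID still belongs to the expected command.

# proc_name PID -> prints the command name of PID, or nothing if unknown.
proc_name() {
    name=$(ps -o comm= -p "$1" 2>/dev/null) || name=
    # Fallback (assumption): no usable ps(1), but a Linux-style /proc exists.
    if [ -z "$name" ] && [ -r "/proc/$1/comm" ]; then
        name=$(cat "/proc/$1/comm")
    fi
    name=${name##*/}                      # drop any leading path
    printf '%s' "$name" | tr -d ' \n'     # drop padding and newline
}

# kill_by_pidfile PIDFILE EXPECTED_NAME [SIGNAL]
# Returns: 0 signal sent
#          1 pidfile missing, empty or not a plain number
#          2 stale pidfile (no such process)
#          3 PID now belongs to a different command (PID reuse)
kill_by_pidfile() {
    pidfile=$1 expected=$2 sig=${3:-TERM}
    [ -r "$pidfile" ] || return 1
    # read fails on a file without a trailing newline but still sets $pid.
    read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;          # reject anything but digits
    esac
    kill -0 "$pid" 2>/dev/null || return 2
    [ "$(proc_name "$pid")" = "$expected" ] || return 3
    kill -s "$sig" "$pid"
}
```

For example, `kill_by_pidfile /var/run/<daemon>.pid <daemon>` leaves an unrelated process untouched if the daemon has exited and its PID has since been handed to something else.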
 