LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

eclone()

eclone()

Posted Nov 20, 2009 9:32 UTC (Fri) by anselm (subscriber, #2796)
In reply to: eclone() by socket
Parent article: eclone()

If PIDs are increased sequentially, unrelated programs can use the rate of process creation as a »covert channel« for (low-bandwidth) communication. Randomised PIDs prevent that.

(Log in to post comments)

eclone()

Posted Nov 20, 2009 12:28 UTC (Fri) by quotemstr (subscriber, #45331) [Link]

Couldn't you use fluctuating number of processes as an even-lower-bandwidth covert channel?

eclone()

Posted Nov 20, 2009 12:43 UTC (Fri) by anselm (subscriber, #2796) [Link]

Maybe. Off the top of my head, the problems with that might be that

  • other processes will fork, too, so especially on a busy system the signal-to-noise ratio will probably be much worse, and
  • you may not be allowed to create as many simultaneous processes as you need to make yourself noticeable.

The main difference is that with sequentially numbered PIDs, the receiver of the covert channel only needs to fork(2) periodically and look at the returned child PID to find out how many processes have been created in the meantime; it does not need to be able to find out how many processes are running on the system, let alone be able to find out how many child processes another process has (when a suitably hardened system may prevent it from finding out any details about that process at all, which is why the covert channel is necessary to begin with).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds