LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

eclone()

eclone()

Posted Nov 20, 2009 12:43 UTC (Fri) by anselm (subscriber, #2796)
In reply to: eclone() by quotemstr
Parent article: eclone()

Maybe. Off the top of my head, the problems with that might be that

  • other processes will fork, too, so especially on a busy system the signal-to-noise ratio will probably be much worse, and
  • you may not be allowed to create as many simultaneous processes as you need to make yourself noticeable.

The main difference is that with sequentially numbered PIDs, the receiver of the covert channel only needs to fork(2) periodically and look at the returned child PID to find out how many processes have been created in the meantime; it does not need to be able to find out how many processes are running on the system, let alone be able to find out how many child processes another process has (when a suitably hardened system may prevent it from finding out any details about that process at all, which is why the covert channel is necessary to begin with).

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds