Why do PIDs run non-sequentially?

From: Julianne F. Haugh


The answer (I was there, consider me an authority ...) is that the
PIDs needed to be somewhat unpredictable. This is because AIX was
originally designed with a number of C2 and B1 features, and one of those
is the notion of covert channel analysis. Sequential PIDs are a covert
channel (assuming the system has one PID namespace ...) since the value
of the "next" PID is shared by all currently running processes. So if I
want to sneak some of my classified data out to your co-operating
non-classified program, I can do it by carefully controlling the value
of the "next" PID.
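The channel described above can be modelled to compare allocation policies. This is an added example, not part of the original answer and not AIX code. The allocator classes, the one-fork/two-fork encoding and the 32768 namespace size are assumptions made for the model, which also assumes no other process forks during a transfer.

```python
import random

PID_MAX = 32768  # constructed namespace size for this model


class SequentialAllocator:
    """Hands out PIDs 1..PID_MAX-1 in order, then wraps."""
    def __init__(self):
        self.next_pid = 1

    def alloc(self):
        pid = self.next_pid
        self.next_pid = pid % (PID_MAX - 1) + 1
        return pid


class RandomAllocator:
    """Hands out a uniformly random PID (reuse is ignored in this model)."""
    def __init__(self, seed):
        self.rng = random.Random(seed)

    def alloc(self):
        return self.rng.randrange(1, PID_MAX)


def transmit(allocator, bits):
    """Return the bits an observer infers from the PIDs of its own children."""
    received = []
    for bit in bits:
        before = allocator.alloc()        # observer forks, notes the child's PID
        for _ in range(1 + bit):          # sender forks once for 0, twice for 1
            allocator.alloc()
        after = allocator.alloc()         # observer forks again
        gap = (after - before) % (PID_MAX - 1)  # how far "next PID" moved
        received.append(1 if gap == 3 else 0)
    return received


def accuracy(sent, got):
    return sum(s == g for s, g in zip(sent, got)) / len(sent)


def compare(n_bits=256, seed=1):
    """Decode accuracy under each allocator for one constructed message."""
    rng = random.Random(seed)
    message = [rng.getrandbits(1) for _ in range(n_bits)]
    seq = accuracy(message, transmit(SequentialAllocator(), message))
    rnd = accuracy(message, transmit(RandomAllocator(seed + 1), message))
    return seq, rnd
```

With the sequential allocator the observer recovers every bit; with the randomized one its guesses sit near chance, which is the property a covert channel analysis looks for.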


