Re: Random Register Contents

H. Peter Anvin (hpa@transmeta.com)
2 Nov 1998 08:26:47 GMT


Followup to: <19981102005422.G19338@perlsupport.com>
By author: Chip Salzenberg <chip@perlsupport.com>
In newsgroup: linux.dev.kernel
> >
> > > And random register contents are a problem because ... ??
> >
> > ... because conservative garbage collectors use the registers as root set.
>
> Hm, I suppose this could happen.
>

It can, and *does* happen... people do use garbage collectors, you know.

>
> > Also in theory it is a covert channel.
>
> Now _this_ I buy. Bug status confirmed, IMO.
>

Not a covert channel, really (Linux doesn't protect against covert
channels in the classical sense[1] -- by design, as it is far too
expensive). What it is is an *information leak* -- giving something a
peephole into something they shouldn't have. This is the same reason
why platforms which clobber registers across system calls absolutely
positively must make sure that those registers contain either
perfectly predictable, harmless, information on return (this may
happen if the syscall return is sufficiently stylized and in assembly)
OR they get explicitly cleared (usually the preferred option, because
it is easier to validate.)

-hpa

[1] The classical definition of a covert channel is an unauthorized
channel between two unprivileged processes. Linux doesn't
restrict communication between two processes that want to
communicate with each other; even if they operate inside different
chroot jails they can on virtually all systems open a loopback TCP
socket and communicate overtly. Even if that were to be elevated
to a capability which these processes don't have, Linux has
plenty of high-bandwidth covert channels available; the
predictable assignment of pids is one of the first things that
comes to mind.

Given the way computers are dropping in price, if you really have
need to keep processes from communicating (a very rare need), you
can always hard-partition: put them on different boxes.

-- 
    PGP: 2047/2A960705 BA 03 D3 2C 14 A8 A8 BD  1E DF FE 69 EE 35 BD 74
    See http://www.zytor.com/~hpa/ for web page and full PGP public key
        I am Bahá'í -- ask me about it or see http://www.bahai.org/
   "To love another person is to see the face of God." -- Les Misérables
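
As an added example (not part of the original message or of any kernel code), here is a C check for the property described above: registers that change across a system call should hold only predictable values. It assumes Linux on x86-64, a platform the message does not name, where the `syscall` instruction overwrites `rcx` with the resume address and `r11` with RFLAGS; `SENTINEL`, `struct regs` and `probe_syscall_regs` are names made up here.

```c
#include <stdint.h>
#include <stdio.h>
#define SENTINEL 0x5A5A5A5A5A5A5A5AULL /* constructed marker value */
enum { BAD_PRESERVED = 1, BAD_RCX = 2, BAD_R11 = 4 };
struct regs { uint64_t rax, rcx, r11, resume, kept[6]; };

/* Assumption: Linux on x86-64. Runs getpid() through a raw `syscall`, records
 * the registers afterwards; returns a findings bitmask, or -1 if unsupported. */
int probe_syscall_regs(struct regs *out)
{
#if defined(__linux__) && defined(__x86_64__)
    register uint64_t r8 __asm__("r8") = SENTINEL;
    register uint64_t r9 __asm__("r9") = SENTINEL;
    register uint64_t r10 __asm__("r10") = SENTINEL;
    register uint64_t r11 __asm__("r11") = SENTINEL;
    uint64_t rax = 39; /* syscall number of getpid on x86-64 */
    uint64_t rcx = SENTINEL, rdi = SENTINEL, rsi = SENTINEL, rdx = SENTINEL;
    uint64_t resume; /* address of the instruction after `syscall` */

    __asm__ volatile("syscall\n1:\n\tlea 1b(%%rip), %[resume]"
                     : "+a"(rax), "+c"(rcx), "+D"(rdi), "+S"(rsi), "+d"(rdx),
                       "+r"(r8), "+r"(r9), "+r"(r10), "+r"(r11),
                       [resume] "=&r"(resume)
                     :
                     : "memory", "cc");

    uint64_t kept[6] = { rdi, rsi, rdx, r8, r9, r10 };
    int findings = 0;
    out->rax = rax; out->rcx = rcx; out->r11 = r11; out->resume = resume;
    for (int i = 0; i < 6; i++) {
        out->kept[i] = kept[i];
        if (kept[i] != SENTINEL) findings |= BAD_PRESERVED; /* must survive */
    }
    if (rcx != resume) findings |= BAD_RCX; /* predictable: resume address */
    if ((r11 >> 32) != 0 || !(r11 & 2)) findings |= BAD_R11; /* RFLAGS-shaped */
    return findings;
#else
    (void)out; return -1;
#endif
}

int main(void)
{
    struct regs r = {0};
    int f = probe_syscall_regs(&r); /* -1 means unsupported platform */
    printf("findings=%d rcx=%#llx resume=%#llx r11=%#llx\n", f,
           (unsigned long long)r.rcx, (unsigned long long)r.resume,
           (unsigned long long)r.r11);
    return f > 0;
}
```

The `r11` test is a heuristic (upper 32 bits zero, always-set bit 1 present), since the flags value at the moment of the call is not captured separately.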
