Meter Limit on Processes
This is a real quick note on an idea to include in a meter an up-down counter of how many processes are running under this meter.
A fork operation would deduct one and a return to DK(0) would increment it.
(Perhaps there are other things that would increment it.)
A fork when the limit was 0 would go to meter keeper.
We need to see if this can be made invisible.
This solves two problems:
- A DOS attack in current system where too many processes are spawned.
- A covert channel where one process spins incrementing a memory cell and another process which shares memory with that cell, uses that as a crude clock.
This enables certain types of covert channel where the recipient needs a good clock which on most systems can be denied to suspicious programs.