Check out the new USENIX Web site. next up previous
Next: Rootshell vs. DoS Up: Limitations Previous: Unpredictable Execution

Forked Processes

In the current StackGhost incarnation, forked processes have an identical Per-Process cookie.

It may be possible to unroll the stack and adjust each return pointer in the new process. But the process would have to be non-threaded and it would duplicate the program stacks instead of using a copy-on-write mechanism - potentially driving up memory utilization. Again, further research must be done.