This web page was created programmatically, to learn the article in its authentic location you’ll be able to go to the hyperlink bellow:
https://simonwillison.net/2025/Nov/12/h4x0rchat/
and if you wish to take away this text from our website please contact us
Fun-reliable side-channels for cross-container communication (via) Here’s a really intelligent hack for speaking between completely different processes working in several containers on the identical machine. It’s primarily based on intelligent abuse of POSIX advisory locks which permit a course of to create and detect locks throughout byte offset ranges:
These properties mixed are sufficient to supply a primary cross-container side-channel primitive, as a result of a course of in a single container can set a read-lock at some interval on
/proc/self/ns/time, and a course of in one other container can observe the presence of that lock by querying for a hypothetically intersecting write-lock.
I dumped the C proof-of-concept into GPT-5 for a code-level explanation, then had it assist me work out learn how to run it in Docker. Here’s the recipe that labored for me:
cd /tmp
wget
docker run --rm -it -v "$PWD:/src"
-w /src gcc:13 bash -lc 'gcc -Wall -O2
-o h4x0rchat h4x0rchat.c && ./h4x0rchat'
Run that docker run line in two separate terminal home windows and you’ll chat between the 2 of them like this:
This web page was created programmatically, to learn the article in its authentic location you’ll be able to go to the hyperlink bellow:
https://simonwillison.net/2025/Nov/12/h4x0rchat/
and if you wish to take away this text from our website please contact us
