From: Matt Mackall <[email protected]>
Date: Sat, 6 May 2006 15:33:04 -0500
> On Sat, May 06, 2006 at 02:05:51PM -0400, Theodore Tso wrote:
> > For network traffic, again, it depends on your threat model.
>
> Here's a threat model: I remotely break into your LAN and 0wn insecure
> Windows box X that's one switch jump away from the web server Y that
> processes your credit card transactions. I use standard techniques to
> kick the switch into broadcast mode so I can see all its traffic or
> maybe I break into the switch itself and temporarily isolate Y from
> the rest of the world so that only X can talk to it. I'm still in
> Russia, but I might as well be in the same room.
Doesn't matter.
You cannot measure any of the delays happening between network packet
being seen on the wire to interrupt handler actually executing.
There is so much variable jitter and it depends on so many minute
details at both the hardware and software level, that you can't guess
this stuff. What's the load on the box? How many clock cycles does
it take for an interrupt to propagate to the cpu, how many clock
cycles from interrupt reception until the cpu executes the interrupt
handler, how are the hw interrupt mitigation facilities programmed
and how do their timers work, what is the wire to PHY delay, what is
the PHY to MAC delay, how many cycles does it take for the FIFO to
DMA the packet into main memory, what is the delay from DMA'ing the
packet to main memory and the indication of the interrupt condition.
etc. etc. etc.
You can't know any of that.
Please put together a real reproducable attack that others can run too
and would validate justify SA_SAMPLE_RANDOM from networking drivers.
It's all swiss cheese theory until you do this. And we should not be
making kernel changes merely due to swiss cheese theory.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]