Re: [2.6 patch] let CONFIG_SECCOMP default to n

[andrea]

On Thu, Jul 13, 2006 at 09:29:41PM +0000, Pavel Machek wrote:
> Actually random delays are unlike to help (much). You have just added
> noise, but you can still decode original signal...

You're wrong, the random delays added to every packet will definitely
wipe out any signal.

But regardless of what is the best fix for the network attack I quote
Ingo:

   correct. But when i suggested to do precisely that i got a rant from
   Andrea of how super duper important it was to disable the TSC for
   seccomp ... (which argument is almost total hogwash)

Now if the availability of the nanosecond precision of the TSC is
almost total hogwash, how can the network attack be a real concern?

Either the NOTSC feature is critically important (and I don't think it
is but it's not total hogwash either), or the network attach is an
absolute red-herring.

You can't get it both ways. It can't be the NOTSC isn't needed but the
network attack is a serious concern.

What is currently shocking me is that if you really think the network
attack isn't an absolute red-herring, then it's very weird you're
answering to my email instead of answering to Ingo when he says the
availability of the TSC is almost total hogwash.

And please feel free to demonstrate the network attack, remote seccomp
computations are already possible so if you want to start listening to
a signal you can.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/