Re: Per-Processor Data Page [mail.linux-kernel]
Mike Touloumtzis (miket@bluemug.com)
Mon, 13 Dec 1999 20:39:17 -0800
On Mon, Dec 13, 1999 at 05:02:30PM -0800, Scott Lurndal wrote:
>
> ------ Forwarded Article <82ppe9$b6vj8@fido.engr.sgi.com>
> ------ From Andi Kleen <ak@suse.de>
>
> > On Thu, Dec 09, 1999 at 04:32:31PM -0600, Bret Indrelee wrote:
> > >
> > > If processes can get a highly accurate time value from some sort
> > > of global clock, it allows a pair of processes to create a covert
> > > channel for passing information. The less secure program monitors
> > > the time variences of the high-security program in order to get
> > > information about or from them.
>
> > Linux simply does not support real compartmentation and probably
> > never will.
>
> While the first part is true, I really hope that the latter isn't.
> Once you leave the small departmental file-server and start to get to
> larger, more capable servers (e.g. OLTP systems, etc.), the need for
> fault tolerance and fault isolation becomes much greater.
>
Scott,
Information compartmentation (elimination of all inter-process
covert channels) is not the same thing as fault tolerance and
isolation. A system could be very fault tolerant and still allow
covert communications via (as Bret says) time-varying CPU workload,
number of subprocesses forked, number of files created in /tmp, or many
other things. Information compartmentation is really hard and not that
rewarding unless you're making systems for the NSA.
miket
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/