Re: Per-Processor Data Page

Jim Gettys (jg@pa.dec.com)
Fri, 10 Dec 1999 03:07:32 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeffrey B. Siegal: "Re: Windows 9x and RFC1323"
Previous message: Ingo Molnar: "Re: timer_bh behaviour incorrect for 2.2.13?"

> From: Andi Kleen <ak@suse.de>
> Date: Fri, 10 Dec 1999 02:41:39 +0100
> To: Bret Indrelee <bindrele@sbs.com>
> Cc: linux-kernel@vger.rutgers.edu
> Subject: Re: Per-Processor Data Page
> -----
> On Thu, Dec 09, 1999 at 04:32:31PM -0600, Bret Indrelee wrote:
> > If processes can get a highly accurate time value from some sort of global
> > clock, it allows a pair of processes to create a covert channel for passing
> > information. The less secure program monitors the time variences of the
> > high-security program in order to get information about or from them.
>
> Linux simply does not support real compartmentation and probably never will.
> It only makes sense on mainframes anyways, in the PC age you simply buy
> another box and separate them with a 10 cm gap of air (patent pending) security
> border. Complicating the OS is simply not worth it.
>
>

You forgot the Tempest box to put each PC in; air gaps aren't good enough
for people who really want security: that drives the cost up
considerably :-).

- Jim

-- Jim Gettys Technology and Corporate Development Compaq Computer Corporation jg@pa.dec.com

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Jeffrey B. Siegal: "Re: Windows 9x and RFC1323"
Previous message: Ingo Molnar: "Re: timer_bh behaviour incorrect for 2.2.13?"