Re: [2.6 patch] let CONFIG_SECCOMP default to n

From: Valdis . Kletnieks
Date: Fri Jul 14 2006 - 23:02:11 EST


On Fri, 14 Jul 2006 01:11:18 +0200, andrea@xxxxxxxxxxxx said:
> On Thu, Jul 13, 2006 at 09:29:41PM +0000, Pavel Machek wrote:
> > Actually random delays are unlike to help (much). You have just added
> > noise, but you can still decode original signal...
>
> You're wrong, the random delays added to every packet will definitely
> wipe out any signal.

I call shenanigans on that.

Take a look at the NTP userspace code, which has some very nice code to
filter network jitter.

In fact, the best you can do here is to reduce the effective bandwidth
the signal can have, as Shannon showed quite clearly.

And even 20 years ago, the guys who did the original DoD Orange Book
requirements understood this - they didn't make a requirement that covert
channels (both timing and other) be totally closed down, they only made
a requirement that for higher security configurations the bandwidth of
the channel be reduced below a specified level...

Attachment: pgp00000.pgp
Description: PGP signature