Date: Fri, 20 Oct 2023 18:47:31 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 274550] Reporting side channels in TCP/UDP/ICMP implementation Message-ID: <bug-274550-227-wXgjmLLyrD@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-274550-227@https.bugs.freebsd.org/bugzilla/> References: <bug-274550-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D274550 John F. Carr <jfc@mit.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jfc@mit.edu --- Comment #3 from John F. Carr <jfc@mit.edu> --- These don't look like FreeBSD-specific side channels to me, but the expected way IP works. There are tunables net.inet.{udp,tcp}.blackhole for sysadmins= who are afraid of revealing port numbers, and net.inet.icmp.icmplim_jitter to mitigate issue 10. Are you imagining a local attacker whose privileges do not include netstat trying to deduce the code path taken by a packet through the kernel using c= ache misses and branch mispredictions? --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-274550-227-wXgjmLLyrD>