> On Fri, Mar 25, 2011 at 8:36 AM, Mark Kettenis <[email protected]> > wrote: > > On OpenBSD we disable access to %tick from userland. I think the idea > > is to make it harder for people to perform timing attacks, and > > therefore improve security. But I don't consider myself enough of a > > security expert to be able to judge wethere that really helps. So I > > CC'ed tech@ in the hope that a more knowledgable person will chime in. > > I don't believe that for a minute. We allow rdtsc on i386. And due > to the powers of statistics, you could still get reasonable results > even if you had to send a packet to a remote machine to get your > timing data.
I dunno. rdtsc is not the same as what we have on sparc64. If an architecture supports the random profclock, or "dual clock" hack, then the McCanne/Torek "cpupig" denial of service might be mitigated. If it has only a single clock, then cpupig is pretty easy to pull off with pretty bad effects...
