Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!decwrl!pa.dec.com!decuac!rayssd!fjr From: fjr@sgfb.ssd.ray.com (Fred J. Roeber) Newsgroups: comp.realtime Subject: Re: VxWorks "security"? Message-ID: <429@sgfb.ssd.ray.com> Date: 26 Jun 91 13:54:47 GMT References: <1991Jun3.183523.8212@unhd.unh.edu> <1991Jun4.133608.24773@src.honeywell.com> Sender: news@rayssd.ssd.ray.com Organization: Raytheon Company, Portsmouth, RI Lines: 26 In article <1991Jun4.133608.24773@src.honeywell.com> vestal@SRC.Honeywell.COM (Steve Vestal) writes: > >This raises another issue that, for lack of a better term, I'll call timing >security. I did some careful timing measurement & analysis on a VxWorks >system and discovered that there were sporadic bursts of activity that >couldn't be accounted for by any of the application tasks or >application-required VxWorks services. I speculated that some of these bursts >were due to VxWorks occasionally handling ethernet messages. Although the >overall load was small -- maybe 1% utilization in our environment -- the >actual duration of a sporadic burst wasn't negligible, especially as the >frequency of application tasks increased. The time spent rejecting an rlogin >attempt might possibly, in some applications, cause an application timing >fault (missed deadline). > I'm just getting caught up on this group so I may be missing a little future information. I have been off doing some detailed timing analysis of VxWorks operations with concentration on the networking code. As far as the occasional traffic, that is probably the fact that periodically (every 30 seconds) the VxWorks networking code "times out" the ARP addressing table entries and then goes out to try to get new addressing information. There is some way to mark the ARP table entries as permanent (through an ioctl call) but we haven't bothered doing that yet. As far as the security issue on rlogin, the 5.x release of VxWorks has an optional security package that can be built in. It supports password security and should be able to handle your problem. We haven't bothered to configure it in. Hope this helps. Fred