Divergent Brain  ·  Security · Series
Series — 4 parts

The Prisoners' Problem

A vulnerability class the security field has encountered for forty years without a shared name for it. Gustavus Simmons described the class in 1983. Each instance is still treated as a novel finding. This series names it precisely enough that the defence can be systematic rather than reactive.

The origin

It started with two FreeBSD security advisories from early 2026 and a question: are these the same thing?

They were. The pattern — a component that is trusted by its caller but that can communicate information to an adversary through a channel the caller cannot observe — had been described by Gustavus Simmons in 1983 in a paper on subliminal channels in cryptographic authentication systems. Simmons was writing about a prisoner trying to communicate a hidden message to an accomplice through a channel monitored by a warden. The warden can read everything on the channel. The prisoner's message is still covert because it is encoded in properties the warden does not check.

The field still does not have a shared operational vocabulary for this class. Each instance is treated as a novel finding. CVE descriptions name the specific behaviour without naming the class. Remediation is reactive rather than systematic because the class is not named precisely enough to generate a class-level defence posture.

Why it matters for BSD security advisories

The two FreeBSD advisories from early 2026 that originated this series share a structural property: a component with legitimate system privileges can, under adversary-controlled conditions, produce outputs that travel through a channel the calling process trusts but cannot inspect. The specific mechanisms differ. The class is identical.

The Prisoners' Problem series is an attempt to name the class precisely enough that the defence can be systematic rather than reactive. It is not security research in the specialist sense — it is pattern recognition applied across a forty-year gap between academic description and operational practice, by someone who read the advisories as a practitioner and noticed that the CVE descriptions were not doing the intellectual work the pattern required.

The series
Part 1
The class

The Simmons description. The modern instantiation. Why "subliminal channel" is a better name than any of the names currently in use. The structural properties that make the class distinct from covert channels and side channels.

Part 2
Why patching does not solve it

Patching a specific exploit removes the specific mechanism. It does not close the class. The class is not the mechanism — it is the structural condition that permits the mechanism. A patched instance of the class leaves the structural condition intact.

Part 3
The BSD advisories in detail

The two early 2026 FreeBSD advisories that originated the series, placed in the Simmons framework. What the CVE descriptions say. What the Simmons framework adds. How the class-level description changes the remediation conversation.

Part 4
A systematic defence posture

What a class-level defence looks like. Privilege separation as a structural mitigation. The BSD development culture's approach to this class — not as a novel finding each time, but as a known structural risk that informed the design of the Capsicum sandboxing framework and the privilege separation on every daemon.

∵ The Oxford formation is visible in this series, if you are looking for it. The habit of checking whether the phenomenon has been named before. The discomfort with imprecision in a field where imprecision has consequences. The willingness to follow the argument past the comfortable stopping point. It is not a credential that is led with. It is a formation that shows in the work.

Publication

The series is in preparation. Parts 1 and 2 are complete. Parts 3 and 4 are in draft. Publication is sequential — each part is made available when it meets the standard the argument requires, not on a schedule.

The essays are licensed under CC BY 4.0. Attribution matters.

James Bacchus
Founder, Divergent Byte Ltd
divergentbyte.com
Islington, London · 2026
