Date:      Thu, 08 Apr 1999 11:15:40 +0100
From:      Niall Smart <niall@pobox.com>
To:        hackers@freebsd.org
Subject:   Re: Revised suggestion for securelevel negative time deltas
Message-ID:  <370C81CC.A39B1743@pobox.com>

> > Well, how about a sysctl (kern.maxclockdelta) which specifies the
> > maximum amount of seconds that the clock can be brought forward or
> > back in a specified period, say 7 days.  This fixes the problem
> > mentioned by Matt Dillon (?) whereby an attacker can wind the clock
> > forward indefinitely and overflow a time_t.  (Naturally this sysctl
> > would be read-only when securelevel > 1).
> 
> The problem is, how do you measure time when the clock is being
> changed a lot? If you limit the change an attacker can make,
> all he has to do is do it a billion times to achieve the same
> end. Clamping the negative adjustment to the maximum time seen -1 sec
> works because time is an increasing function. You can't similarly
> clamp positive excursions quite so easily.

Every 7 days you store the current timestamp in "timebase"; you
can't change the system clock more than +/- kern.maxclockdelta
from this value.

Regards,

Niall.
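
Added example, not part of the original message and not FreeBSD code: a user-space C model of the "timebase" check described above, showing that repeated small steps cannot move the clock further than kern.maxclockdelta within one period. Assumptions: the struct, the function names, counting the 7-day period on a monotonic uptime counter, and advancing timebase by elapsed uptime before comparing are all choices made for this sketch.

```c
#include <errno.h>
#include <stdint.h>

#define REBASE_PERIOD (7 * 24 * 3600)   /* "every 7 days", in seconds */

/* Field names are assumptions for this sketch; only "timebase" and
 * kern.maxclockdelta come from the message. */
struct clockguard {
    int64_t timebase;     /* wall-clock time stored at the last rebase */
    int64_t base_uptime;  /* monotonic uptime at the last rebase */
    int64_t wall_offset;  /* wall clock = uptime + wall_offset */
    int64_t maxdelta;     /* kern.maxclockdelta, in seconds */
};

static int64_t cg_now(const struct clockguard *g, int64_t uptime)
{
    return uptime + g->wall_offset;
}

/* Request to set the wall clock to `want`; returns 0 or EPERM. */
static int cg_settime(struct clockguard *g, int64_t uptime, int64_t want)
{
    /* The 7-day period is counted on uptime, which settime cannot move. */
    if (uptime - g->base_uptime >= REBASE_PERIOD) {
        g->timebase = cg_now(g, uptime);
        g->base_uptime = uptime;
    }
    /* Assumption: timebase is advanced by elapsed uptime before comparing. */
    int64_t expected = g->timebase + (uptime - g->base_uptime);
    if (want > expected + g->maxdelta || want < expected - g->maxdelta)
        return EPERM;
    g->wall_offset = want - uptime;
    return 0;
}

/* Step the clock forward by `step` seconds `tries` times at one instant;
 * returns how far the wall clock actually moved. */
static int64_t cg_repeat_forward(struct clockguard *g, int64_t uptime,
                                 int64_t step, int tries)
{
    int64_t start = cg_now(g, uptime);
    for (int i = 0; i < tries; i++)
        (void)cg_settime(g, uptime, cg_now(g, uptime) + step);
    return cg_now(g, uptime) - start;
}
```

Because timebase is re-stored from the (possibly adjusted) clock at each rebase, the model bounds drift to maxdelta per 7-day period rather than to maxdelta in total.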

