Date: Thu, 1 Apr 1999 18:17:48 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: Sean Eric Fagan <sef@kithrup.com> Cc: hackers@FreeBSD.ORG Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction Message-ID: <199904020217.SAA63090@apollo.backplane.com> References: <199904020033.QAA09981@medusa.kfu.com> <199904020137.RAA18306@kithrup.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:In article <199904020130.RAA61810.kithrup.freebsd.hackers@apollo.backplane.com> you write: :> the fact that Kerberos will fail of the time isn't synchronized between :> machines and that NFS and many other subsystems will do weird things :> when the time is out of sync between machines. The 'protection' :> that securelevel is giving us, in regards to the time, is zip. : :I can't tell if this is an april fool's joke as well. : :The purpose of prohibiting setting the time backwards is to prevent a cracker :from changing the ctime of a file to before he actually changed it. This :change means you can do security audits more easily. The current securelevel solution is a half-assed solution, IMHO. It creates more problems then it solves. -Matt Matthew Dillon <dillon@backplane.com> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904020217.SAA63090>