Date: Mon, 5 Apr 1999 19:02:52 -0700 (PDT)
From: Nick Sayer <nsayer@quack.kfu.com>
To: hackers@freebsd.org
Subject: Revised suggestion for securelevel negative time deltas
Message-ID: <199904060202.TAA31558@medusa.kfu.com>
Thanks to Garance A Droshihn for a better idea. Attempts to negatively offset the clock are clamped to one second less than the highest the clock has yet reached. This will allow xntpd (or a miscreant, alas) to "freeze" the clock in place, but not go backwards in time beyond a second. Here is a proposed patch. Note the big blank spot where a proposal for handling positive deltas should go. :-) --- kern_time.c.orig Fri Apr 2 13:35:13 1999 +++ kern_time.c Fri Apr 2 13:34:11 1999 @@ -77,7 +77,8 @@ settime(tv) struct timeval *tv; { - struct timeval delta, tv1; + struct timeval delta, tv1, tv2; + static struct timeval maxtime; struct timespec ts; int s; @@ -88,13 +89,30 @@ /* * If the system is secure, we do not allow the time to be - * set to an earlier value (it may be slowed using adjtime, - * but not set back). This feature prevent interlopers from - * setting arbitrary time stamps on files. + * set to a value earlier than 1 second less than the highest + * time we have yet seen. The worst a miscreant can do in + * this circumstance is "freeze" time. He couldn't go + * back to the past. */ - if (delta.tv_sec < 0 && securelevel > 1) { - splx(s); - return (EPERM); + if (securelevel > 1) { + if (delta.tv_sec < 0 || delta.tv_usec < 0) { + if ( tv1.tv_sec > maxtime.tv_sec ) + maxtime=tv1; + tv2=maxtime; + timevalsub( &tv2, &tv ); + if ( tv2.tv_sec < -1 ) { + tv.tv_sec=maxtime.tv_sec-1; + } + } + else { + /* XXX + * We have to figure out how to be secure + * in this case. Allowing arbitrary + * positive increases allows a miscreant + * to simply wrap time around the end + * of time. + */ + } } ts.tv_sec = tv->tv_sec; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
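Review bot: In the @@ -77,7 +77,8 @@ hunk, the new "static struct timeval maxtime;" has no comment saying that it is the high-water mark the clamp in the next hunk depends on. As a function-local static it starts at zero and, going by the second hunk, is only refreshed inside the negative-delta branch, so a one-line comment stating what it records and when it is updated would make the security property easier to audit.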
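Review bot: In the @@ -88,13 +89,30 @@ hunk, tv is a pointer (the function declares "struct timeval *tv" and the trailing context line reads "ts.tv_sec = tv->tv_sec;"), so "timevalsub( &tv2, &tv );" and "tv.tv_sec=maxtime.tv_sec-1;" will not compile as written; they should read "timevalsub(&tv2, tv);" and "tv->tv_sec = maxtime.tv_sec - 1;". Also, if timevalsub() subtracts its second argument from its first, tv2 holds maxtime minus the requested time and is positive for a backwards step, so the test "tv2.tv_sec < -1" would not fire in the case it is meant to catch; "tv2.tv_sec > 1" looks like the intended comparison. Two smaller points in the same block: the clamp rewrites only tv_sec and leaves the caller's tv_usec in place, and the maxtime update compares tv_sec alone.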