Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 24 Oct 1998 16:08:24 -0400
From:      "Allen Smith" <easmith@beatrice.rutgers.edu>
To:        Jacques Vidrine <n@nectar.com>, Randy Bush <randy@psg.com>
Cc:        Studded <Studded@gorean.org>, Marc Gutschner <Marc.Gutschner@triplan.com>, hackers@FreeBSD.ORG
Subject:   Re: xntpd and securelevel
Message-ID:  <9810241608.ZM2214@beatrice.rutgers.edu>
In-Reply-To: Jacques Vidrine <n@nectar.com>  "xntpd and securelevel" (Oct  9,  6:23pm)
References:  <361DEC25.30065DCC@Triplan.COM>  <361E3DE4.39F057F4@gorean.org>  <199810091757.KAA10402@rip.psg.com>  <361E4FE8.2EF1B5DA@gorean.org>  <199810091845.LAA11689@rip.psg.com>  <361E5F28.1DE06387@gorean.org>  <199810091911.MAA12445@rip.psg.com>  <E0zRiaA-0004wG-00@spawn.nectar.com>  <199810091959.MAA13804@rip.psg.com>  <E0zRino-0004yc-00@spawn.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Oct 9,  6:23pm, Jacques Vidrine (possibly) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> [[Moving thread to hackers@freebsd.org, and changing subject]]
> 
> Oh, duh... ntpdate (and I guess xntpd, too) use settimeofday...
> settimeofday calls settime... extract from settime:
> 
> 	/*
> 	 * If the system is secure, we do not allow the time to be 
> 	 * set to an earlier value (it may be slowed using adjtime,
> 	 * but not set back). This feature prevent interlopers from
> 	 * setting arbitrary time stamps on files.
> 	 */
> 	if (delta.tv_sec < 0 && securelevel > 1) {
> 		splx(s);
> 		return (EPERM);
> 	}
> 
> So if you need to go back in time, you can't be at securelevel > 1.
> Seems like a good thing to me.  However, xntpd still should be able
> to make small adjustments.
> 
> Any xntpd experts here that can comment on when xntpd uses settimeofday
> versus adjtime?  Perhaps it has to do with the size of adjustment that
> must be made?

I don't know about xntpd, but ntpd by default uses the equivalent of
settime (via ntp_adjtime) when the setting is .128 seconds or more.

	-Allen

-- 
Allen Smith				easmith@beatrice.rutgers.edu
	

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9810241608.ZM2214>