Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Jan 2002 18:02:40 -0800
From:      "Crist J . Clark" <cjc@FreeBSD.ORG>
To:        Terry Lambert <tlambert2@mindspring.com>
Cc:        Sheldon Hearn <sheldonh@starjuice.net>, FreeBSD@jovi.net, freebsd-questions@FreeBSD.ORG, freebsd-arch@FreeBSD.ORG, bug-followup@FreeBSD.ORG
Subject:   Re: kern/33904: secure mode bug
Message-ID:  <20020116180239.F35910@blossom.cjclark.org>
In-Reply-To: <3C45E0B2.A092CB4E@mindspring.com>; from tlambert2@mindspring.com on Wed, Jan 16, 2002 at 12:21:06PM -0800
References:  <20020115210303.E31328@blossom.cjclark.org> <98823.1011171388@axl.seasidesoftware.co.za> <20020116010937.K31328@blossom.cjclark.org> <3C45E0B2.A092CB4E@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Jan 16, 2002 at 12:21:06PM -0800, Terry Lambert wrote:
> "Crist J . Clark" wrote:
> > The settimeofday(2) call returns
> > success even though the change requested by the call is not really
> > done. This is somewhat questionable behavior. The documentation for
> > settimeofday(2) was not clear about how this works under elevated
> > securelevel(8), and in fact, the documentation is actually wrong
> > (which I will fix shortly).
> 
> This is BS.

I don't think so.

> It's not documented how it works in jails, either,
> or under vmware.

But settimeofday(2) _does_ claim to document what happens, but it is
flat out wrong (out of date),

     Only the super-user may set the time of day or time zone.  If the system
     is running in secure mode (see init(8)), the time may only be advanced.
     This limitation is imposed to prevent a malicious super-user from setting
     arbitrary time stamps on files.  The system time can still be adjusted
     backwards using the adjtime(2) system call even when the system is
     secure.

Read the comments for settime() and the rest of the code in
kern_time.c, and test it. This is clearly not how things really work.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020116180239.F35910>