Date: Thu, 1 Apr 1999 17:25:21 -0800 From: Don Lewis <Don.Lewis@tsc.tdk.com> To: Andy Doran <ad@psn.ie>, Nick Sayer <nsayer@quack.kfu.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction Message-ID: <199904020125.RAA29744@salsa.gv.tsc.tdk.com> In-Reply-To: Andy Doran <ad@psn.ie> "Re: Suggestion: loosen slightly securelevel>1 time change restriction" (Apr 2, 1:42am)
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 2, 1:42am, Andy Doran wrote: } Subject: Re: Suggestion: loosen slightly securelevel>1 time change restric } On Thu, 1 Apr 1999, Nick Sayer wrote: } > } > I suggest easing up slightly on the restriction. Say, negative steps of } > more than a minute are disallowed. It would seem to me that this would } > let xntpd operate correctly in most cases while still denying the } > opportunity for serious mischief to hackers desiring to wreak havoc } > with time warps. I think that a minute is too much. A second or so should be plenty. Maybe this should be a system tuneable that can't be changed when securelevel > 0. } What if you continiously set the time back 59 seconds? If you made this } change, you'd need restrictions on how *often* the time is changed too. How about preventing a negative step from setting the time back further than the most recent negative step? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904020125.RAA29744>