From owner-freebsd-hackers  Fri Apr  2  9: 7:58 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7])
	by hub.freebsd.org (Postfix) with ESMTP id 52BFD14C9E
	for <freebsd-hackers@FreeBSD.ORG>; Fri,  2 Apr 1999 09:07:54 -0800 (PST)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail1.its.rpi.edu (8.8.8/8.8.6) with ESMTP id MAA167088;
	Fri, 2 Apr 1999 12:07:28 -0500
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Sender: drosih@pop1.rpi.edu
Message-Id: <v04011702b32a992b0d5c@[128.113.24.47]>
In-Reply-To: <199904020033.QAA09981@medusa.kfu.com>
Date: Fri, 2 Apr 1999 12:07:25 -0500
To: Nick Sayer <nsayer@quack.kfu.com>, freebsd-hackers@FreeBSD.ORG
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: Suggestion: loosen slightly securelevel>1 time change
 restriction
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 4:33 PM -0800 4/1/99, Nick Sayer wrote:
> [...] setting the time to any point in the past (...) is not allowed
> if the securelevel of the system is >1.  The problem with this is that
> even if you run ntpdate at boot time, xntpd can occasionally want to
> make small negative steps.
>
> I suggest easing up slightly on the restriction. Say, negative steps
> of more than a minute are disallowed.

I understand the problem you're interested in, but that's the wrong
solution...

Of course, that begs the question "What is the right solution?".  If
someone has a PC which does have a slightly-fast clock, how can that
be handled under securelevels>1?  I am not using securelevels yet,
but it's something I do hope to look into at some point.  My PC does
gain about a second a day.

Need a solution something more like 'you can never jump back more
than 1 second prior to the maximum value of time ever seen after the
machine switched into securelevel'...  (and attempts to do more than
one second will only change the clock by one second).

At that point, the worst an evil hacker could do is keep time from
going forward (by running an infinite loop of setting the time back),
but they couldn't really screw around with setting older time values.

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message