Date: Sun, 4 Apr 1999 08:47:08 +0200 (SAT) From: John Hay <jhay@mikom.csir.co.za> To: nsayer@quack.kfu.com (Nick Sayer) Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction Message-ID: <199904040647.IAA28163@zibbi.mikom.csir.co.za> In-Reply-To: <199904020033.QAA09981@medusa.kfu.com> from Nick Sayer at "Apr 1, 1999 4:33:25 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> At the moment, setting the time to any point in the past (that is, > if the delta being applied is negative) is not allowed if the securelevel > of the system is >1. > > The problem with this is that even if you run ntpdate at boot time, > xntpd can occasionally want to make small negative steps. > > I suggest easing up slightly on the restriction. Say, negative steps of > more than a minute are disallowed. It would seem to me that this would > let xntpd operate correctly in most cases while still denying the > opportunity for serious mischief to hackers desiring to wreak havoc > with time warps. > I think that you should just tell ntpd that it can't step the time. With xntpd 3.x it was a compile time define SLEWALWAYS and with ntpd 4.x the -x commandline option can be used. John -- John Hay -- John.Hay@mikom.csir.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904040647.IAA28163>