From owner-freebsd-security Thu Aug 19 17:31: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 8E20315221 for ; Thu, 19 Aug 1999 17:30:59 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id RAA22415; Thu, 19 Aug 1999 17:29:16 -0700 (PDT) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <199908200029.RAA22415@gndrsh.dnsmgr.net> Subject: Re: Securelevel 3 ant setting time In-Reply-To: <14268.33906.359749.40458@torrey.cs.utah.edu> from "David G. Andersen" at "Aug 19, 1999 04:30:47 pm" To: danderse@cs.utah.edu (David G. Andersen) Date: Thu, 19 Aug 1999 17:29:15 -0700 (PDT) Cc: brett@lariat.org (Brett Glass), archie@whistle.com (Archie Cobbs), Goran.Lowkrantz@infologigruppen.se (Lowkrantz Goran), freebsd-security@FreeBSD.ORG ('freebsd-security@FreeBSD.ORG') X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > "Maybe". (Probably?) > > When ntpdate sees a small time delta (less than 1/2 second off), it > will use the adjtime() call to slew the clock time, which is > permitted. However, if the delta is large for some reason, then it > will go in and use the sledgehammer approach - settimeofday(). > > >From the ntpdate manpage: > > The latter technique is less disruptive and > more accurate when the offset is small, and works quite well when ntpdate > is run by cron(8) every hour or two. > > So, you'll probably be OK doing it that way, *but* if you get too far > off during the time period, then you won't be able to correct for it. You can compile ntp/xntpd with the -DSLEWALWAYS option and it will work for you. I had to go grep the source to make sure that ntpdate obeyed this and it does: ntpdate/ntpdate.c:#ifdef SLEWALWAYS ntpdate/ntpdate.c:#else /* SLEWALWAYS */ ntpdate/ntpdate.c:#endif /* SLEWALWAYS */ Though a quick reading of the code shows that it does not remove -b as a valid option, and from a quick lookover this should probably just be a runtime option instead of a compile time option.... > -Dave > > Lo and Behold, Brett Glass said: > > My server uses a cron job and ntpupdate to grab tne time from the > > best of several accurate government servers. Would securelevel 3 allow > > this? > > -- > work: danderse@cs.utah.edu me: angio@pobox.com > University of Utah CS Department http://www.angio.net/ > "If you haul a geek up a crack, you will bloody their fingers for a day... > If you teach a geek to climb, you will bloody their fingers for life." > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message