Date: Fri, 13 Feb 1998 17:17:39 -0600 (CST) From: Alex Nash <nash@mcs.net> To: robert+freebsd@cyrus.watson.org Cc: freebsd-security@FreeBSD.ORG Subject: Re: Secure Linux patch (fwd) Message-ID: <199802132317.RAA15473@nash.pr.mcs.net> In-Reply-To: <Pine.BSF.3.96.980213172022.18233C-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 13 Feb, Robert Watson wrote: > BTW, in -current, has their been any thought to requiring that time > monotonically increase (as BSDI has done) while in securelevel > 0? With > appropriate use of single-user mode, xntpd, and ntpdate, this can be very > useful. FreeBSD already does this, although the check is against securelevel > 1: sys/kern_time.c revision 1.23 date: 1997/05/08 14:16:25; author: peter; state: Exp; lines: +215 -33 [...] Note that I picked up the securelevel > 1 check from NetBSD that prevents the clock being set backwards in high securelevel mode (this was a hole that allowed resetting of inode access timestamps to arbitary values) Alex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199802132317.RAA15473>