From owner-freebsd-security  Thu Aug 19 15:32:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wrath.cs.utah.edu (wrath.cs.utah.edu [155.99.198.100])
	by hub.freebsd.org (Postfix) with ESMTP id 767FC1548A
	for <freebsd-security@FreeBSD.ORG>; Thu, 19 Aug 1999 15:31:48 -0700 (PDT)
	(envelope-from danderse@cs.utah.edu)
Received: from torrey.cs.utah.edu (torrey.cs.utah.edu [155.99.212.91])
	by wrath.cs.utah.edu (8.8.8/8.8.8) with ESMTP id QAA04414;
	Thu, 19 Aug 1999 16:30:47 -0600 (MDT)
Received: (from danderse@localhost)
	by torrey.cs.utah.edu (8.9.3/8.9.1) id QAA52873;
	Thu, 19 Aug 1999 16:30:47 -0600 (MDT)
	(envelope-from danderse@cs.utah.edu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Thu, 19 Aug 1999 16:30:47 -0600 (MDT)
From: "David G. Andersen" <danderse@cs.utah.edu>
To: Brett Glass <brett@lariat.org>
Cc: Archie Cobbs <archie@whistle.com>,
	Goran.Lowkrantz@infologigruppen.se (Lowkrantz Goran),
	freebsd-security@FreeBSD.ORG ('freebsd-security@FreeBSD.ORG')
Subject: Re: Securelevel 3 ant setting time
In-Reply-To: Brett Glass's message of Thu, August 19 1999 <4.2.0.58.19990819161554.04790800@localhost>
References: <B500F74C6527D311B61F0000C0DF5ADC07ECB5@valhall.ign.se>
	<199908191819.LAA94866@bubba.whistle.com>
	<4.2.0.58.19990819161554.04790800@localhost>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs  Lucid
Message-ID: <14268.33906.359749.40458@torrey.cs.utah.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


"Maybe".  (Probably?)

When ntpdate sees a small time delta (less than 1/2 second off), it
will use the adjtime() call to slew the clock time, which is
permitted.  However, if the delta is large for some reason, then it
will go in and use the sledgehammer approach - settimeofday().

>From the ntpdate manpage:

     The latter technique is less disruptive and
     more accurate when the offset is small, and works quite well when ntpdate
     is run by cron(8) every hour or two. 

So, you'll probably be OK doing it that way, *but* if you get too far
off during the time period, then you won't be able to correct for it.


   -Dave

Lo and Behold, Brett Glass said:
> My server uses a cron job and ntpupdate to grab tne time from the
> best of several accurate government servers. Would securelevel 3 allow
> this?

-- 
work: danderse@cs.utah.edu                     me:  angio@pobox.com
      University of Utah CS Department         http://www.angio.net/
   "If you haul a geek up a crack, you will bloody their fingers for a day...
    If you teach a geek to climb, you will bloody their fingers for life."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message