From owner-cvs-all Thu Apr 8 19:22:16 1999 Delivered-To: cvs-all@freebsd.org Received: from allegro.lemis.com (allegro.lemis.com [192.109.197.134]) by hub.freebsd.org (Postfix) with ESMTP id E364C14F49; Thu, 8 Apr 1999 19:22:06 -0700 (PDT) (envelope-from grog@freebie.lemis.com) Received: from freebie.lemis.com (freebie.lemis.com [192.109.197.137]) by allegro.lemis.com (8.9.1/8.9.0) with ESMTP id LAA23392; Fri, 9 Apr 1999 11:50:05 +0930 (CST) Received: (from grog@localhost) by freebie.lemis.com (8.9.3/8.9.0) id LAA24327; Fri, 9 Apr 1999 11:50:05 +0930 (CST) Message-ID: <19990409115005.E2142@lemis.com> Date: Fri, 9 Apr 1999 11:50:05 +0930 From: Greg Lehey To: "Daniel C. Sobral" Cc: Nick Sayer , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sys/kern kern_time.c References: <199904071636.JAA15238@freefall.freebsd.org> <19990408100716.I2142@lemis.com> <370C20B2.BD062E4F@newsguy.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <370C20B2.BD062E4F@newsguy.com>; from Daniel C. Sobral on Thu, Apr 08, 1999 at 12:21:22PM +0900 WWW-Home-Page: http://www.lemis.com/~grog Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia Phone: +61-8-8388-8286 Fax: +61-8-8388-8725 Mobile: +61-41-739-7062 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk On Thursday, 8 April 1999 at 12:21:22 +0900, Daniel C. Sobral wrote: > Greg Lehey wrote: >> >> On Wednesday, 7 April 1999 at 9:36:57 -0700, Nick Sayer wrote: >>> nsayer 1999/04/07 09:36:57 PDT >>> >>> Modified files: >>> sys/kern kern_time.c >>> Log: >>> If securelevel>1, allow the clock to be adjusted negatively only up to >>> 1 second prior to the highest the clock has run so far. This allows >>> time adjusters like xntpd to do their work, but the worst a miscreant >>> can do is "freeze" the clock, not go back in time. >> >> Does this mean that if somebody accidentally sets the time to the >> wrong year, the only thing he can do to fix it is to reboot in >> single-user mode? I'm not convinced that this is a gain. What do >> people doing Y2K tests do? > > How about not using securelevel>1 when doing such tests? OK. Finally I've read the source. I thought that the end of /etc/rc automatically raised the secure level, but I see that this is not the case by default. I retract my objection. Greg -- See complete headers for address, home page and phone numbers finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message