Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 15 Jan 2002 10:26:15 -0500 (EST)
From:      FreeBSD@jovi.net
To:        cjc@FreeBSD.ORG
Cc:        freebsd-arch@FreeBSD.ORG
Subject:   Re: kern/33904: secure mode bug
Message-ID:  <200201151526.g0FFQFX02180@grant.org>
In-Reply-To: <20020115011230.D28767@blossom.cjclark.org>
References:  <200201142344.g0ENimK91227@freefall.freebsd.org> <20020115011230.D28767@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thanks for your reply.
I suggest escalating the trouble.
Correct time is mission-critical on many systems
and this is an issue of unreliable service under FreeBSD.

A settimeofday other than that programmed is worse than doing nothing.
Three orders of magnitude is a complete failure by every reasonable standard.
Breaking date, ntpdate, ntpd, ... is a reliable indication of severe failure.
These programs now need rewriting to operate reliably.

		Cheers
			--Devon
	 /"\
	 \ /	 ASCII Ribbon Campaign
	  X	  Help Cure HTML Mail
	 / \

Date: Tue, 15 Jan 2002 01:12:30 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
Cc: freebsd-gnats-submit@FreeBSD.ORG

On Mon, Jan 14, 2002 at 03:44:48PM -0800, D. McCullough wrote:
[snip]

> >Description:
> settimeofday silently fails in secure mode.
> 
> I wasted a lot of time baffled --
> this makes all the various date
> apps and clients silently fail.

The problem is that it doesn't _completely_ fail.

> >Fix:
> When an operation prohibited by secure mode fails,
> this failure must be accurately reported by the API.

If you run your test program,

  # ./testtime
  gettimeofday = 0; t = 1011071149.590024
  settimeofday = 0; t = 1011067549.590024
  gettimeofday = 0; t = 1011071148.591402

At securelevel == 2, we see that the time _has_ been changed by the
call, but like the log message says,

  Jan 14 21:05:44 <kern.crit> bubbles kernel: Time adjustment clamped to -1 second

So the call of settimeofday(2) didn't actually fail due to "permission
denied," but the result is not exactly what the caller expected either.

Now, whether this whole approach is wrong is more of a discussion for
freebsd-arch@freebsd.org.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
				   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201151526.g0FFQFX02180>