From owner-freebsd-security Wed Aug 25 18:40:11 1999 Delivered-To: freebsd-security@freebsd.org Received: from maxim.gba.oz.au (gba.tmx.com.au [203.9.155.249]) by hub.freebsd.org (Postfix) with SMTP id 5AD6B152A9 for ; Wed, 25 Aug 1999 18:39:47 -0700 (PDT) (envelope-from gjb-freebsd@gba.oz.au) Received: (qmail 4234 invoked from network); 26 Aug 1999 06:39:57 +1000 Received: from alice.gba.oz.au (192.168.1.11) by maxim.gba.oz.au with SMTP; 26 Aug 1999 06:39:57 +1000 Received: (qmail 646 invoked by uid 1001); 26 Aug 1999 06:39:56 +1000 Message-ID: <19990825203955.645.qmail@alice.gba.oz.au> X-Posted-By: GBA-Post 1.03 20-Sep-1998 X-PGP-Fingerprint: 5A91 6942 8CEA 9DAB B95B C249 1CE1 493B 2B5A CE30 Date: Thu, 26 Aug 1999 06:39:55 +1000 From: Greg Black To: "H. Eckert" Cc: freebsd-security@FREEBSD.ORG Subject: Re: Securelevel 3 and setting time References: <19990822112923.6666.qmail@alice.gba.oz.au> <19990822194140.623D211@woodstock.monkey.net> <19990824235908.B70739@server.nostromo.in-berlin.de> In-reply-to: <19990824235908.B70739@server.nostromo.in-berlin.de> of Tue, 24 Aug 1999 23:59:08 +0200 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > The main question we haven't come to a conclusion so far is > what action should(n't) be taken as a possible solution for the > "rarely synched clock in an elevated secure level" scenario. > > - Loosen security and allow for bigger time jumps ? > - Forcing the admin to sync the clock more often ? > - Enabling ntpdate to distribute the time adjustments into > several smaller jumps instead of a big leap ? Surely the simple solution here is to build ntpdate so that it always uses adjtime(2). -- Greg Black -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message