From owner-freebsd-arch  Wed Jan 16 18: 3: 7 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from swan.prod.itd.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123])
	by hub.freebsd.org (Postfix) with ESMTP
	id C637237B419; Wed, 16 Jan 2002 18:02:48 -0800 (PST)
Received: from dialup-209.244.107.170.dial1.sanjose1.level3.net ([209.244.107.170] helo=blossom.cjclark.org)
	by swan.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16R1t8-000680-00; Wed, 16 Jan 2002 18:02:47 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id g0H22eV37376;
	Wed, 16 Jan 2002 18:02:40 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 16 Jan 2002 18:02:40 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Sheldon Hearn <sheldonh@starjuice.net>, FreeBSD@jovi.net,
	freebsd-questions@FreeBSD.ORG, freebsd-arch@FreeBSD.ORG,
	bug-followup@FreeBSD.ORG
Subject: Re: kern/33904: secure mode bug
Message-ID: <20020116180239.F35910@blossom.cjclark.org>
References: <20020115210303.E31328@blossom.cjclark.org> <98823.1011171388@axl.seasidesoftware.co.za> <20020116010937.K31328@blossom.cjclark.org> <3C45E0B2.A092CB4E@mindspring.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3C45E0B2.A092CB4E@mindspring.com>; from tlambert2@mindspring.com on Wed, Jan 16, 2002 at 12:21:06PM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

On Wed, Jan 16, 2002 at 12:21:06PM -0800, Terry Lambert wrote:
> "Crist J . Clark" wrote:
> > The settimeofday(2) call returns
> > success even though the change requested by the call is not really
> > done. This is somewhat questionable behavior. The documentation for
> > settimeofday(2) was not clear about how this works under elevated
> > securelevel(8), and in fact, the documentation is actually wrong
> > (which I will fix shortly).
> 
> This is BS.

I don't think so.

> It's not documented how it works in jails, either,
> or under vmware.

But settimeofday(2) _does_ claim to document what happens, but it is
flat out wrong (out of date),

     Only the super-user may set the time of day or time zone.  If the system
     is running in secure mode (see init(8)), the time may only be advanced.
     This limitation is imposed to prevent a malicious super-user from setting
     arbitrary time stamps on files.  The system time can still be adjusted
     backwards using the adjtime(2) system call even when the system is
     secure.

Read the comments for settime() and the rest of the code in
kern_time.c, and test it. This is clearly not how things really work.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message