Date:      Fri, 09 Oct 1998 15:06:15 -0500
From:      Jacques Vidrine <n@nectar.com>
To:        Randy Bush <randy@psg.com>
Cc:        Jacques Vidrine <n@nectar.com>, Studded <Studded@gorean.org>, Marc Gutschner <Marc.Gutschner@triplan.com>, hackers@FreeBSD.ORG
Subject:   xntpd and securelevel
Message-ID:  <E0zRino-0004yc-00@spawn.nectar.com>
In-Reply-To: <199810091959.MAA13804@rip.psg.com> 
References:  <361DEC25.30065DCC@Triplan.COM> <361E3DE4.39F057F4@gorean.org> <199810091757.KAA10402@rip.psg.com> <361E4FE8.2EF1B5DA@gorean.org> <199810091845.LAA11689@rip.psg.com> <361E5F28.1DE06387@gorean.org> <199810091911.MAA12445@rip.psg.com> <E0zRiaA-0004wG-00@spawn.nectar.com> <199810091959.MAA13804@rip.psg.com>

-----BEGIN PGP SIGNED MESSAGE-----

[[Moving thread to hackers@freebsd.org, and changing subject]]

Oh, duh... ntpdate (and I guess xntpd, too) use settimeofday...
settimeofday calls settime... extract from settime:

	/*
	 * If the system is secure, we do not allow the time to be
	 * set to an earlier value (it may be slowed using adjtime,
	 * but not set back). This feature prevents interlopers from
	 * setting arbitrary time stamps on files.
	 *
	 * Only a negative delta.tv_sec is refused, and only when
	 * securelevel is greater than 1; this check places no limit on
	 * stepping the clock forward.
	 * NOTE(review): delta is presumably the requested time minus the
	 * current time, computed earlier in settime (outside this
	 * excerpt) -- confirm.
	 */
	if (delta.tv_sec < 0 && securelevel > 1) {
		/*
		 * NOTE(review): s is presumably the priority level saved by
		 * an spl*() call earlier in settime (outside this excerpt);
		 * it is restored here before the early return.
		 */
		splx(s);
		/* The caller of settimeofday sees this as "Operation not permitted". */
		return (EPERM);
	}

So if you need to set the clock back, you can't be at securelevel > 1.
Seems like a good thing to me.  However, xntpd should still be able
to make small adjustments through adjtime, which the comment above
says is still allowed.

Any xntpd experts here that can comment on when xntpd uses settimeofday
versus adjtime?  Perhaps it has to do with the size of adjustment that
must be made?

Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

On 9 October 1998 at 12:59, Randy Bush <randy@psg.com> wrote:
> > Randy, can you run ``truss ntpdate yada yada yada'' so we can
> > see which system call is returning EPERM?
> 
> had problems with the yada yada server, so used a local one. :-)
> 
> randy
> 
> 
> rip.psg.com:/root# id
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator
), 20(staff), 31(guest)
> rip.psg.com:/root# truss ntpdate psg.com       
> syscall open("/usr/libexec/ld.so",0,00)
>         returns 3 (0x3)
> syscall read(0x3,0xefbfdb14,0x20)
>         returns 32 (0x20)
> syscall mmap(0x0,69632,0x5,0x2,3,0x0)
>         returns 536907776 (0x20009000)
> syscall mmap(0x2001a000,8192,0x3,0x12,3,0x11000)
>         returns 536977408 (0x2001a000)
> syscall getuid()
>         returns 0 (0x0)
> syscall geteuid()
>         returns 0 (0x0)
> syscall getgid()
>         returns 0 (0x0)
> syscall getegid()
>         returns 0 (0x0)
> syscall break(0xe000)
>         returns 0 (0x0)
> syscall open("/var/run/ld.so.hints",0,00)
>         returns 4 (0x4)
> syscall read(0x4,0xefbfda58,0x20)
>         returns 32 (0x20)
> syscall mmap(0x0,8586,0x1,0x1,4,0x0)
>         returns 536985600 (0x2001c000)
> syscall close(4)
>         returns 0 (0x0)
> syscall stat("/usr/lib/aout/libc.so.3.1",0xefbfda0c)
>         returns 0 (0x0)
> syscall stat("/usr/lib/aout/libc.so.3.1",0xefbfda34)
>         returns 0 (0x0)
> syscall open("/usr/lib/aout/libc.so.3.1",0,00)
>         returns 4 (0x4)
> syscall read(0x4,0xefbfda14,0x20)
>         returns 32 (0x20)
> syscall mmap(0x0,513076,0x5,0x2,4,0x0)
>         returns 536997888 (0x2001f000)
> syscall close(4)
>         returns 0 (0x0)
> syscall mprotect(0x2008b000,0x4000,0x7)
>         returns 0 (0x0)
> syscall mmap(0x2008f000,54324,0x7,0x1012,-1,0x0)
>         returns 537456640 (0x2008f000)
> syscall break(0xf000)
>         returns 0 (0x0)
> syscall break(0x10000)
>         returns 0 (0x0)
> syscall break(0x11000)
>         returns 0 (0x0)
> syscall munmap(0x2001c000,0x218a)
>         returns 0 (0x0)
> syscall close(3)
>         returns 0 (0x0)
> syscall readlink("/etc/malloc.conf",0xefbfda34,63)
>         errno 2 'No such file or directory'
> syscall mmap(0x0,4096,0x3,0x1002,-1,0x0)
>         returns 536985600 (0x2001c000)
> syscall break(0x12000)
>         returns 0 (0x0)
> syscall break(0x13000)
>         returns 0 (0x0)
> syscall open("/etc/host.conf",0,0666)
>         returns 3 (0x3)
> syscall fstat(3,0xefbfd55c)
>         returns 0 (0x0)
> syscall break(0x15000)
>         returns 0 (0x0)
> syscall read(0x3,0x13000,0x2000)
>         returns 129 (0x81)
> syscall read(0x3,0x13000,0x2000)
>         returns 0 (0x0)
> syscall close(3)
>         returns 0 (0x0)
> syscall madvise(0x13000,0x2000,0x5)
>         returns 0 (0x0)
> syscall open("/etc/hosts",0,0666)
>         returns 3 (0x3)
> syscall gettimeofday(0xefbfd5b4,0x0)
>         returns 0 (0x0)
> syscall getpid()
>         returns 13774 (0x35ce)
> syscall open("/etc/resolv.conf",0,0666)
>         returns 4 (0x4)
> syscall fstat(4,0xefbfd4f4)
>         returns 0 (0x0)
> syscall read(0x4,0x13000,0x2000)
>         returns 61 (0x3d)
> syscall read(0x4,0x13000,0x2000)
>         returns 0 (0x0)
> syscall close(4)
>         returns 0 (0x0)
> syscall madvise(0x13000,0x2000,0x5)
>         returns 0 (0x0)
> syscall fstat(3,0xefbfd94c)
        returns 0 (0x0)
> syscall read(0x3,0x13000,0x2000)
>         returns 1135 (0x46f)
> syscall close(3)
>         returns 0 (0x0)
> syscall madvise(0x13000,0x2000,0x5)
>         returns 0 (0x0)
> syscall socket(0x2,0x2,0x0)
>         returns 3 (0x3)
> syscall bind(0x3,0xefbfda94,0x10)
>         returns 0 (0x0)
> syscall fcntl(0x3,0x4,0x4)
>         returns 0 (0x0)
> syscall sigaction(0xe,0xefbfda78,0x0)
>         returns 0 (0x0)
> syscall setitimer(0x0,0xefbfda94,0x0)
>         returns 0 (0x0)
> syscall setpriority(0x0,0x0,0xfffffff4)
>         returns 0 (0x0)
> SIGNAL 14
> SIGNAL 14
> SIGNAL 14
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>         errno 4 'Interrupted system call'
> syscall sigreturn(0xefbfda40)
>         errno 4 'Interrupted system call'
> syscall gettimeofday(0xefbfda28,0x0)
>         returns 0 (0x0)
> syscall sendto(0x3,0xefbfda50,0x30,0x0,0x13000,0x10)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>         returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>         returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 0 (0x0)
> syscall gettimeofday(0xefbfd9d8,0x0)
>         returns 0 (0x0)
> syscall sendto(0x3,0xefbfda00,0x30,0x0,0x13000,0x10)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>         returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>         returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 0 (0x0)
> syscall gettimeofday(0xefbfd9d8,0x0)
>         returns 0 (0x0)
> syscall sendto(0x3,0xefbfda00,0x30,0x0,0x13000,0x10)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>         returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>         returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>         returns 0 (0x0)
> syscall recvfrom(0x3,0x1426c,0x44,0x0,0x14244,0xefbfd9ac)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 0 (0x0)
> syscall gettimeofday(0xefbfd9d8,0x0)
>         returns 0 (0x0)
> syscall sendto(0x3,0xefbfda00,0x30,0x0,0x13000,0x10)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>         returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>         returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>         returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>         returns 0 (0x0)
> syscall gettimeofday(0xefbfda74,0x0)
>         returns 0 (0x0)
> syscall settimeofday(0xefbfda74,0x0)
>         errno 1 'Operation not permitted'
> syscall gettimeofday(0xefbfcddc,0x0)
>         returns 0 (0x0)
> syscall break(0x16000)
>         returns 0 (0x0)
> syscall access(0x2005b3bb,0x4)
>         returns 0 (0x0)
> syscall open("/etc/localtime",0,04002130140)
>         returns 4 (0x4)
> syscall fstat(4,0xefbfcd24)
>         returns 0 (0x0)
> syscall read(0x4,0xefbfaa18,0x1f08)
>         returns 1000 (0x3e8)
> syscall close(4)
>         returns 0 (0x0)
> syscall madvise(0x15000,0x1000,0x5)
>         returns 0 (0x0)
> syscall socket(0x1,0x2,0x0)
>         returns 4 (0x4)
> syscall fcntl(0x4,0x2,0x1)
>         returns 0 (0x0)
> syscall connect(0x4,0xefbfcd64,0x6a)
>         returns 0 (0x0)
> syscall sendto(Oct  9 12:54:57 rip last message repeated 2 times
> 0x4,0xefbfd240Oct  9 12:58:19 rip ntpdate: Can't set time of day: Operation n
ot permitted
> ,0x4b,0x0,0x0,0x0)
>         returns 75 (0x4b)
> syscall exit(0x0)
>         process exit, rval = 0
> 



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNh5stzeRhT8JRySpAQEVfQP+KW+RbABJPy15Jq26EOeqxRo5/bKVdVOW
29ko9L4bhA6Eeo+eX1Xd77ZNI+G2nSJ2l7Cr1EHA1IQZM0/77qlIe0htRKK9eqgN
LpYfS0pWCiRrgyH4TCTDodclJcWhb4mpkMO4L7oTNcmYnsyNjCxvwE23Wdl65J+L
G4VOS1qn/08=
=zBzE
-----END PGP SIGNATURE-----
