From: Jacques Vidrine
To: Randy Bush
cc: Jacques Vidrine, Studded, Marc Gutschner, hackers@FreeBSD.ORG
Subject: xntpd and securelevel
Date: Fri, 09 Oct 1998 15:06:15 -0500
In-reply-to: <199810091959.MAA13804@rip.psg.com>

[[Moving thread to hackers@freebsd.org, and changing subject]]

Oh, duh... ntpdate (and I guess xntpd, too) use settimeofday...
settimeofday calls settime... extract from settime:

        /*
         * If the system is secure, we do not allow the time to be
         * set to an earlier value (it may be slowed using adjtime,
         * but not set back). This feature prevent interlopers from
         * setting arbitrary time stamps on files.
         */
        if (delta.tv_sec < 0 && securelevel > 1) {
                splx(s);
                return (EPERM);
        }

So if you need to go back in time, you can't be at securelevel > 1.
Seems like a good thing to me.

However, xntpd still should be able to make small adjustments. Any
xntpd experts here that can comment on when xntpd uses settimeofday
versus adjtime? Perhaps it has to do with the size of adjustment
that must be made?

Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

On 9 October 1998 at 12:59, Randy Bush wrote:
> > Randy, can you run ``truss ntpdate yada yada yada'' so we can
> > see which system call is returning EPERM?
>
> had problems with the yada yada server, so used a local one. :-)
>
> randy
>
>
> rip.psg.com:/root# id
> uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
> rip.psg.com:/root# truss ntpdate psg.com
> syscall open("/usr/libexec/ld.so",0,00)
>     returns 3 (0x3)
> syscall read(0x3,0xefbfdb14,0x20)
>     returns 32 (0x20)
> syscall mmap(0x0,69632,0x5,0x2,3,0x0)
>     returns 536907776 (0x20009000)
> syscall mmap(0x2001a000,8192,0x3,0x12,3,0x11000)
>     returns 536977408 (0x2001a000)
> syscall getuid()
>     returns 0 (0x0)
> syscall geteuid()
>     returns 0 (0x0)
> syscall getgid()
>     returns 0 (0x0)
> syscall getegid()
>     returns 0 (0x0)
> syscall break(0xe000)
>     returns 0 (0x0)
> syscall open("/var/run/ld.so.hints",0,00)
>     returns 4 (0x4)
> syscall read(0x4,0xefbfda58,0x20)
>     returns 32 (0x20)
> syscall mmap(0x0,8586,0x1,0x1,4,0x0)
>     returns 536985600 (0x2001c000)
> syscall close(4)
>     returns 0 (0x0)
> syscall stat("/usr/lib/aout/libc.so.3.1",0xefbfda0c)
>     returns 0 (0x0)
> syscall stat("/usr/lib/aout/libc.so.3.1",0xefbfda34)
>     returns 0 (0x0)
> syscall open("/usr/lib/aout/libc.so.3.1",0,00)
>     returns 4 (0x4)
> syscall read(0x4,0xefbfda14,0x20)
>     returns 32 (0x20)
> syscall mmap(0x0,513076,0x5,0x2,4,0x0)
>     returns 536997888 (0x2001f000)
> syscall close(4)
>     returns 0 (0x0)
> syscall mprotect(0x2008b000,0x4000,0x7)
>     returns 0 (0x0)
> syscall mmap(0x2008f000,54324,0x7,0x1012,-1,0x0)
>     returns 537456640 (0x2008f000)
> syscall break(0xf000)
>     returns 0 (0x0)
> syscall break(0x10000)
>     returns 0 (0x0)
> syscall break(0x11000)
>     returns 0 (0x0)
> syscall munmap(0x2001c000,0x218a)
>     returns 0 (0x0)
> syscall close(3)
>     returns 0 (0x0)
> syscall readlink("/etc/malloc.conf",0xefbfda34,63)
>     errno 2 'No such file or directory'
> syscall mmap(0x0,4096,0x3,0x1002,-1,0x0)
>     returns 536985600 (0x2001c000)
> syscall break(0x12000)
>     returns 0 (0x0)
> syscall break(0x13000)
>     returns 0 (0x0)
> syscall open("/etc/host.conf",0,0666)
>     returns 3 (0x3)
> syscall fstat(3,0xefbfd55c)
>     returns 0 (0x0)
> syscall break(0x15000)
>     returns 0 (0x0)
> syscall read(0x3,0x13000,0x2000)
>     returns 129 (0x81)
> syscall read(0x3,0x13000,0x2000)
>     returns 0 (0x0)
> syscall close(3)
>     returns 0 (0x0)
> syscall madvise(0x13000,0x2000,0x5)
>     returns 0 (0x0)
> syscall open("/etc/hosts",0,0666)
>     returns 3 (0x3)
> syscall gettimeofday(0xefbfd5b4,0x0)
>     returns 0 (0x0)
> syscall getpid()
>     returns 13774 (0x35ce)
> syscall open("/etc/resolv.conf",0,0666)
>     returns 4 (0x4)
> syscall fstat(4,0xefbfd4f4)
>     returns 0 (0x0)
> syscall read(0x4,0x13000,0x2000)
>     returns 61 (0x3d)
> syscall read(0x4,0x13000,0x2000)
>     returns 0 (0x0)
> syscall close(4)
>     returns 0 (0x0)
> syscall madvise(0x13000,0x2000,0x5)
>     returns 0 (0x0)
> syscall fstat(3,0xefbfd94c)
>     returns 0 (0x0)
> syscall read(0x3,0x13000,0x2000)
>     returns 1135 (0x46f)
> syscall close(3)
>     returns 0 (0x0)
> syscall madvise(0x13000,0x2000,0x5)
>     returns 0 (0x0)
> syscall socket(0x2,0x2,0x0)
>     returns 3 (0x3)
> syscall bind(0x3,0xefbfda94,0x10)
>     returns 0 (0x0)
> syscall fcntl(0x3,0x4,0x4)
>     returns 0 (0x0)
> syscall sigaction(0xe,0xefbfda78,0x0)
>     returns 0 (0x0)
> syscall setitimer(0x0,0xefbfda94,0x0)
>     returns 0 (0x0)
> syscall setpriority(0x0,0x0,0xfffffff4)
>     returns 0 (0x0)
> SIGNAL 14
> SIGNAL 14
> SIGNAL 14
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>     errno 4 'Interrupted system call'
> syscall sigreturn(0xefbfda40)
>     errno 4 'Interrupted system call'
> syscall gettimeofday(0xefbfda28,0x0)
>     returns 0 (0x0)
> syscall sendto(0x3,0xefbfda50,0x30,0x0,0x13000,0x10)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>     returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>     returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 0 (0x0)
> syscall gettimeofday(0xefbfd9d8,0x0)
>     returns 0 (0x0)
> syscall sendto(0x3,0xefbfda00,0x30,0x0,0x13000,0x10)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>     returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>     returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 0 (0x0)
> syscall gettimeofday(0xefbfd9d8,0x0)
>     returns 0 (0x0)
> syscall sendto(0x3,0xefbfda00,0x30,0x0,0x13000,0x10)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>     returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>     returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>     returns 0 (0x0)
> syscall recvfrom(0x3,0x1426c,0x44,0x0,0x14244,0xefbfd9ac)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 0 (0x0)
> syscall gettimeofday(0xefbfd9d8,0x0)
>     returns 0 (0x0)
> syscall sendto(0x3,0xefbfda00,0x30,0x0,0x13000,0x10)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfdac0,0x0,0x0,0x0)
>     returns 1 (0x1)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 1 (0x1)
> syscall gettimeofday(0xefbfd990,0x0)
>     returns 0 (0x0)
> syscall recvfrom(0x3,0x1449c,0x44,0x0,0x14474,0xefbfd9ac)
>     returns 48 (0x30)
> syscall select(0x4,0xefbfda24,0x0,0x0,0xefbfda1c)
>     returns 0 (0x0)
> syscall gettimeofday(0xefbfda74,0x0)
>     returns 0 (0x0)
> syscall settimeofday(0xefbfda74,0x0)
>     errno 1 'Operation not permitted'
> syscall gettimeofday(0xefbfcddc,0x0)
>     returns 0 (0x0)
> syscall break(0x16000)
>     returns 0 (0x0)
> syscall access(0x2005b3bb,0x4)
>     returns 0 (0x0)
> syscall open("/etc/localtime",0,04002130140)
>     returns 4 (0x4)
> syscall fstat(4,0xefbfcd24)
>     returns 0 (0x0)
> syscall read(0x4,0xefbfaa18,0x1f08)
>     returns 1000 (0x3e8)
> syscall close(4)
>     returns 0 (0x0)
> syscall madvise(0x15000,0x1000,0x5)
>     returns 0 (0x0)
> syscall socket(0x1,0x2,0x0)
>     returns 4 (0x4)
> syscall fcntl(0x4,0x2,0x1)
>     returns 0 (0x0)
> syscall connect(0x4,0xefbfcd64,0x6a)
>     returns 0 (0x0)
> syscall sendto(Oct 9 12:54:57 rip last message repeated 2 times
> 0x4,0xefbfd240Oct 9 12:58:19 rip ntpdate: Can't set time of day: Operation not permitted
> ,0x4b,0x0,0x0,0x0)
>     returns 75 (0x4b)
> syscall exit(0x0)
>     process exit, rval = 0
>
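
The check quoted from settime() and the EPERM in the trace, as an added example that is not part of the original message or of the FreeBSD source: a user-space model of the test, plus a time client's choice between stepping and slewing. The names struct tv, model_settime and plan_correction and the 500 ms step threshold are hypothetical, and delta is assumed to be normalised the way BSD timevalsub() does it, so even a sub-second backward step yields delta.tv_sec == -1.

```c
/* Added example: user-space model of the securelevel check quoted from settime(). */
#include <errno.h>
#include <stdio.h>

struct tv { long tv_sec; long tv_usec; };      /* stand-in for struct timeval */

/* d = a - b, normalised so 0 <= d.tv_usec < 1000000 (assumed: BSD timevalsub() behaviour). */
static struct tv tv_sub(struct tv a, struct tv b) {
    struct tv d = { a.tv_sec - b.tv_sec, a.tv_usec - b.tv_usec };
    if (d.tv_usec < 0) { d.tv_sec--; d.tv_usec += 1000000; }
    return d;
}

/* The quoted check: a step to an earlier time is refused when securelevel > 1. */
int model_settime(struct tv now, struct tv want, int securelevel) {
    struct tv delta = tv_sub(want, now);
    if (delta.tv_sec < 0 && securelevel > 1)
        return EPERM;
    return 0;
}

enum action { ACT_SLEW, ACT_STEP, ACT_SLEW_AFTER_EPERM };

/* Hypothetical client policy: slew small offsets with adjtime(), step large ones with
 * settimeofday(), and fall back to slewing when the step is refused. */
enum action plan_correction(long offset_ms, long step_ms, int securelevel) {
    struct tv now = { 1000, 0 }, want;          /* constructed "current time" */
    long long us = now.tv_sec * 1000000LL + offset_ms * 1000LL;
    if ((offset_ms < 0 ? -offset_ms : offset_ms) <= step_ms)
        return ACT_SLEW;
    want.tv_sec = (long)(us / 1000000);
    want.tv_usec = (long)(us % 1000000);
    return model_settime(now, want, securelevel) == 0 ? ACT_STEP : ACT_SLEW_AFTER_EPERM;
}

int main(void) {
    static const char *name[] = { "slew", "step", "slew (step refused, EPERM)" };
    long offsets[] = { 200, 3000, -3000, -600 };  /* constructed offsets, ms */
    for (int lvl = 1; lvl <= 2; lvl++)
        for (int i = 0; i < 4; i++)
            printf("securelevel %d, offset %+5ld ms -> %s\n", lvl, offsets[i],
                   name[plan_correction(offsets[i], 500, lvl)]);
    return 0;
}
```
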