From owner-freebsd-hackers Thu Apr 1 16:33:47 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from quack.kfu.com (quack.kfu.com [170.1.70.2]) by hub.freebsd.org (Postfix) with ESMTP id 4F570151DE for ; Thu, 1 Apr 1999 16:33:45 -0800 (PST) (envelope-from nsayer@medusa.kfu.com) Received: from medusa.kfu.com (medusa.kfu.com [170.1.70.5]) by quack.kfu.com (8.9.2/8.8.5) with ESMTP id QAA00416 for ; Thu, 1 Apr 1999 16:33:29 -0800 (PST) Received: (from nsayer@localhost) by medusa.kfu.com (8.9.2/8.8.8) id QAA09981 for freebsd-hackers@freebsd.org; Thu, 1 Apr 1999 16:33:25 -0800 (PST) (envelope-from nsayer) Date: Thu, 1 Apr 1999 16:33:25 -0800 (PST) From: Nick Sayer Message-Id: <199904020033.QAA09981@medusa.kfu.com> To: freebsd-hackers@freebsd.org Subject: Suggestion: loosen slightly securelevel>1 time change restriction Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At the moment, setting the time to any point in the past (that is, if the delta being applied is negative) is not allowed if the securelevel of the system is >1. The problem with this is that even if you run ntpdate at boot time, xntpd can occasionally want to make small negative steps. I suggest easing up slightly on the restriction. Say, negative steps of more than a minute are disallowed. It would seem to me that this would let xntpd operate correctly in most cases while still denying the opportunity for serious mischief to hackers desiring to wreak havoc with time warps. Comments? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message