From owner-freebsd-hackers Thu Apr 1 16:42:53 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from mailhub.psn.ie (mailhub.psn.ie [194.106.150.254]) by hub.freebsd.org (Postfix) with ESMTP id D8E48152F5 for ; Thu, 1 Apr 1999 16:42:28 -0800 (PST) (envelope-from ad@psn.ie) Received: from vmunix.psn.ie ([194.106.150.252]) by mailhub.psn.ie with esmtp (Exim 2.12 #3) id 10Ss21-00011u-00; Fri, 2 Apr 1999 01:41:57 +0100 Received: from localhost.psn.ie ([127.0.0.1] helo=localhost) by vmunix.psn.ie with esmtp (Exim 2.10 #1) id 10Ss2y-00006E-00; Fri, 2 Apr 1999 01:42:56 +0100 Date: Fri, 2 Apr 1999 01:42:56 +0100 (IST) From: Andy Doran To: Nick Sayer Cc: freebsd-hackers@freebsd.org Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction In-Reply-To: <199904020033.QAA09981@medusa.kfu.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 1 Apr 1999, Nick Sayer wrote: > > I suggest easing up slightly on the restriction. Say, negative steps of > more than a minute are disallowed. It would seem to me that this would > let xntpd operate correctly in most cases while still denying the > opportunity for serious mischief to hackers desiring to wreak havoc > with time warps. > What if you continiously set the time back 59 seconds? If you made this change, you'd need restrictions on how *often* the time is changed too. Also, xntpd/ntpdate would have to be intelligent enough to know that it can't set the time back more than the limit. Andy. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message