Date: Thu, 1 Apr 1999 17:37:34 -0800 (PST) From: Sean Eric Fagan <sef@kithrup.com> To: hackers@freebsd.org Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction Message-ID: <199904020137.RAA18306@kithrup.com> In-Reply-To: <199904020130.RAA61810.kithrup.freebsd.hackers@apollo.backplane.com> References: <199904020033.QAA09981@medusa.kfu.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In article <199904020130.RAA61810.kithrup.freebsd.hackers@apollo.backplane.com> you write: > the fact that Kerberos will fail of the time isn't synchronized between > machines and that NFS and many other subsystems will do weird things > when the time is out of sync between machines. The 'protection' > that securelevel is giving us, in regards to the time, is zip. I can't tell if this is an april fool's joke as well. The purpose of prohibiting setting the time backwards is to prevent a cracker from changing the ctime of a file to before he actually changed it. This change means you can do security audits more easily. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199904020137.RAA18306>