From: Sean Eric Fagan
Date: Thu, 1 Apr 1999 17:37:34 -0800 (PST)
Message-Id: <199904020137.RAA18306@kithrup.com>
To: hackers@freebsd.org
Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction
In-Reply-To: <199904020130.RAA61810.kithrup.freebsd.hackers@apollo.backplane.com>
References: <199904020033.QAA09981@medusa.kfu.com>
Organization: Kithrup Enterprises, Ltd.

In article <199904020130.RAA61810.kithrup.freebsd.hackers@apollo.backplane.com> you write:
> the fact that Kerberos will fail if the time isn't synchronized between
> machines and that NFS and many other subsystems will do weird things
> when the time is out of sync between machines. The 'protection'
> that securelevel is giving us, in regards to the time, is zip.

I can't tell if this is an April Fool's joke as well.

The purpose of prohibiting setting the time backwards is to prevent a cracker
from changing the ctime of a file to before he actually changed it.

This change means you can do security audits more easily.
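
The audit argument in the reply above, as an added example that is not part of the original message: an owner can backdate a file's mtime with utime(), but the kernel stamps ctime from the system clock, so an audit keyed on ctime still catches the change as long as the clock cannot be moved backwards. The function names and file names are hypothetical, and POSIX ctime semantics (inode change time) are assumed.

```python
import os
import tempfile
import time


def changed_since(root, baseline_ns, field):
    """List files under root whose timestamp `field` is newer than baseline_ns."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if getattr(os.lstat(path), field) > baseline_ns:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo():
    """Modify one file after the baseline, backdate its mtime, run both audits."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files (hypothetical names).
        paths = [os.path.join(root, n) for n in ("untouched.conf", "tampered.conf")]
        for path in paths:
            with open(path, "w") as fh:
                fh.write("original\n")
        # Baseline = newest ctime seen at audit time, read from the same
        # kernel clock that will stamp any later change.
        baseline_ns = max(os.lstat(p).st_ctime_ns for p in paths)
        time.sleep(1.1)  # also covers filesystems with 1-second timestamps

        with open(paths[1], "a") as fh:
            fh.write("changed after the audit\n")
        # utime() lets the file's owner pick atime/mtime freely...
        year_ns = 365 * 24 * 3600 * 10**9
        os.utime(paths[1], ns=(baseline_ns - year_ns, baseline_ns - year_ns))
        # ...but the kernel stamps ctime with the current clock on that call.
        return {
            "mtime_audit": changed_since(root, baseline_ns, "st_mtime_ns"),
            "ctime_audit": changed_since(root, baseline_ns, "st_ctime_ns"),
        }


if __name__ == "__main__":
    print(demo())
```

The mtime audit misses the backdated file while the ctime audit reports it; that result holds only while the system clock itself stays monotonic between audits.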