From owner-freebsd-hackers Thu Apr 1 17:53:22 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from implode.root.com (root.com [209.102.106.178]) by hub.freebsd.org (Postfix) with ESMTP id 9CAFB15104 for ; Thu, 1 Apr 1999 17:53:21 -0800 (PST) (envelope-from root@implode.root.com) Received: from implode.root.com (localhost [127.0.0.1]) by implode.root.com (8.8.8/8.8.5) with ESMTP id RAA00499; Thu, 1 Apr 1999 17:52:47 -0800 (PST) Message-Id: <199904020152.RAA00499@implode.root.com> To: Nick Sayer Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction In-reply-to: Your message of "Thu, 01 Apr 1999 16:33:25 PST." <199904020033.QAA09981@medusa.kfu.com> From: David Greenman Reply-To: dg@root.com Date: Thu, 01 Apr 1999 17:52:47 -0800 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >At the moment, setting the time to any point in the past (that is, >if the delta being applied is negative) is not allowed if the securelevel >of the system is >1. > >The problem with this is that even if you run ntpdate at boot time, >xntpd can occasionally want to make small negative steps. > >I suggest easing up slightly on the restriction. Say, negative steps of >more than a minute are disallowed. It would seem to me that this would >let xntpd operate correctly in most cases while still denying the >opportunity for serious mischief to hackers desiring to wreak havoc >with time warps. > >Comments? So if I want to go back an hour, I just do 60 settimeofday() calls. I don't think this is a solution. -DG David Greenman Co-founder/Principal Architect, The FreeBSD Project To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message