Date: Fri, 2 Apr 1999 12:15:33 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Matthew Dillon <dillon@apollo.backplane.com>, Nick Sayer <nsayer@quack.kfu.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction Message-ID: <v04011703b32aaa5816ba@[128.113.24.47]> In-Reply-To: <199904020130.RAA61810@apollo.backplane.com> References: <199904020033.QAA09981@medusa.kfu.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 5:30 PM -0800 4/1/99, Matthew Dillon wrote: > We should remove the securelevel code that prevents the date from > being set backwards. It's stupid code and doesn't work anyway... > you can set the date forward enough times to wrap it. Well, obviously it would be nice to fix *that* problem, separate from whether one is allowed to set time backwards by an explicit backwards request. > Also consider the fact that Kerberos will fail of the time isn't > synchronized between machines and that NFS and many other > subsystems will do weird things when the time is out of sync > between machines. Do any securelevel's put any limitations on setting time forwards? It would be nice if some check could be made to prevent 'obviously' bad forward-jumps too, but I can't think of a plausibly reliable way to determine that a forward-jump is 'obviously' bad... --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04011703b32aaa5816ba>