From owner-freebsd-hackers Fri Apr 2 9:16:14 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 2A7CC14CB1 for ; Fri, 2 Apr 1999 09:15:59 -0800 (PST) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail1.its.rpi.edu (8.8.8/8.8.6) with ESMTP id MAA152946; Fri, 2 Apr 1999 12:15:36 -0500 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Sender: drosih@pop1.rpi.edu Message-Id: In-Reply-To: <199904020130.RAA61810@apollo.backplane.com> References: <199904020033.QAA09981@medusa.kfu.com> Date: Fri, 2 Apr 1999 12:15:33 -0500 To: Matthew Dillon , Nick Sayer From: Garance A Drosihn Subject: Re: Suggestion: loosen slightly securelevel>1 time change restriction Cc: freebsd-hackers@FreeBSD.ORG Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 5:30 PM -0800 4/1/99, Matthew Dillon wrote: > We should remove the securelevel code that prevents the date from > being set backwards. It's stupid code and doesn't work anyway... > you can set the date forward enough times to wrap it. Well, obviously it would be nice to fix *that* problem, separate from whether one is allowed to set time backwards by an explicit backwards request. > Also consider the fact that Kerberos will fail of the time isn't > synchronized between machines and that NFS and many other > subsystems will do weird things when the time is out of sync > between machines. Do any securelevel's put any limitations on setting time forwards? It would be nice if some check could be made to prevent 'obviously' bad forward-jumps too, but I can't think of a plausibly reliable way to determine that a forward-jump is 'obviously' bad... --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message