From owner-freebsd-hackers Sat Oct 24 13:09:08 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id NAA05567
        for freebsd-hackers-outgoing; Sat, 24 Oct 1998 13:09:08 -0700 (PDT)
        (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from beatrice.rutgers.edu (beatrice.rutgers.edu [165.230.209.143])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA05562
        for ; Sat, 24 Oct 1998 13:09:07 -0700 (PDT)
        (envelope-from easmith@beatrice.rutgers.edu)
Received: (from easmith@localhost)
        by beatrice.rutgers.edu (980427.SGI.8.8.8/970903.SGI.AUTOCF) id QAA02216;
        Sat, 24 Oct 1998 16:08:25 -0400 (EDT)
From: "Allen Smith"
Message-Id: <9810241608.ZM2214@beatrice.rutgers.edu>
Date: Sat, 24 Oct 1998 16:08:24 -0400
In-Reply-To: Jacques Vidrine "xntpd and securelevel" (Oct 9, 6:23pm)
References: <361DEC25.30065DCC@Triplan.COM> <361E3DE4.39F057F4@gorean.org>
        <199810091757.KAA10402@rip.psg.com> <361E4FE8.2EF1B5DA@gorean.org>
        <199810091845.LAA11689@rip.psg.com> <361E5F28.1DE06387@gorean.org>
        <199810091911.MAA12445@rip.psg.com> <199810091959.MAA13804@rip.psg.com>
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
To: Jacques Vidrine , Randy Bush
Subject: Re: xntpd and securelevel
Cc: Studded , Marc Gutschner , hackers@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Oct 9, 6:23pm, Jacques Vidrine (possibly) wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> [[Moving thread to hackers@freebsd.org, and changing subject]]
>
> Oh, duh... ntpdate (and I guess xntpd, too) use settimeofday...
> settimeofday calls settime... extract from settime:
>
>         /*
>          * If the system is secure, we do not allow the time to be
>          * set to an earlier value (it may be slowed using adjtime,
>          * but not set back). This feature prevent interlopers from
>          * setting arbitrary time stamps on files.
>          */
>         if (delta.tv_sec < 0 && securelevel > 1) {
>                 splx(s);
>                 return (EPERM);
>         }
>
> So if you need to go back in time, you can't be at securelevel > 1.
> Seems like a good thing to me. However, xntpd still should be able
> to make small adjustments.
>
> Any xntpd experts here that can comment on when xntpd uses settimeofday
> versus adjtime? Perhaps it has to do with the size of adjustment that
> must be made?

I don't know about xntpd, but ntpd by default uses the equivalent of
settime (via ntp_adjtime) when the setting is .128 seconds or more.

-Allen

--
Allen Smith                             easmith@beatrice.rutgers.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
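The interaction discussed in this thread, as an added example that is not part of the original message or of any NTP daemon's source: a time client that steps the clock for offsets of .128 s or more and slews otherwise, and falls back to slewing when a backward step is refused with EPERM at securelevel > 1. The `sim_*` names, the `correct_clock` function and the fall-back policy are assumptions made for illustration; a simulated kernel replaces settimeofday(2) and adjtime(2) so the logic runs without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/time.h>

#define STEP_THRESHOLD_US 128000L   /* the .128 s figure from the reply */
enum action { ACT_SLEW, ACT_STEP, ACT_SLEW_AFTER_EPERM, ACT_FAILED };

/* Constructed stand-in for the kernel, so the logic runs without root. */
static int sim_securelevel = 2;
static struct timeval sim_now = { 1000, 0 };
static long sim_slew_us;            /* correction queued via "adjtime" */

/* Mirrors the quoted settime() check. Assumes delta is normalised
 * (0 <= tv_usec < 1000000), so any backward set yields tv_sec < 0. */
static int sim_settime(const struct timeval *tv)
{
    struct timeval delta = *tv;
    delta.tv_sec -= sim_now.tv_sec;
    delta.tv_usec -= sim_now.tv_usec;
    if (delta.tv_usec < 0) { delta.tv_sec--; delta.tv_usec += 1000000; }
    if (delta.tv_sec < 0 && sim_securelevel > 1) { errno = EPERM; return -1; }
    sim_now = *tv;
    return 0;
}

static int sim_adjtime(long offset_us) { sim_slew_us += offset_us; return 0; }

/* Step for offsets of 128 ms or more, slew otherwise; if the step is
 * refused with EPERM (backward step at securelevel > 1), slew instead. */
enum action correct_clock(long offset_us)
{
    long mag = offset_us < 0 ? -offset_us : offset_us;
    long usec = (long)sim_now.tv_usec + offset_us;
    struct timeval target = sim_now;
    target.tv_sec += usec / 1000000;
    target.tv_usec = usec % 1000000;
    if (target.tv_usec < 0) { target.tv_sec--; target.tv_usec += 1000000; }

    if (mag < STEP_THRESHOLD_US)
        return sim_adjtime(offset_us) == 0 ? ACT_SLEW : ACT_FAILED;
    if (sim_settime(&target) == 0)
        return ACT_STEP;
    if (errno == EPERM && sim_adjtime(offset_us) == 0)
        return ACT_SLEW_AFTER_EPERM;
    return ACT_FAILED;
}

int main(void) { printf("-0.5 s at securelevel 2 -> %d\n", correct_clock(-500000)); return 0; }
```

In a real client the two `sim_*` calls would be wrappers around settimeofday(2) and adjtime(2); a forward step of the same size is still accepted at securelevel 2, because the quoted check only rejects a negative delta.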