Date: Fri, 9 Apr 1999 11:50:05 +0930 From: Greg Lehey <grog@lemis.com> To: "Daniel C. Sobral" <dcs@newsguy.com> Cc: Nick Sayer <nsayer@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/sys/kern kern_time.c Message-ID: <19990409115005.E2142@lemis.com> In-Reply-To: <370C20B2.BD062E4F@newsguy.com>; from Daniel C. Sobral on Thu, Apr 08, 1999 at 12:21:22PM %2B0900 References: <199904071636.JAA15238@freefall.freebsd.org> <19990408100716.I2142@lemis.com> <370C20B2.BD062E4F@newsguy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday, 8 April 1999 at 12:21:22 +0900, Daniel C. Sobral wrote: > Greg Lehey wrote: >> >> On Wednesday, 7 April 1999 at 9:36:57 -0700, Nick Sayer wrote: >>> nsayer 1999/04/07 09:36:57 PDT >>> >>> Modified files: >>> sys/kern kern_time.c >>> Log: >>> If securelevel>1, allow the clock to be adjusted negatively only up to >>> 1 second prior to the highest the clock has run so far. This allows >>> time adjusters like xntpd to do their work, but the worst a miscreant >>> can do is "freeze" the clock, not go back in time. >> >> Does this mean that if somebody accidentally sets the time to the >> wrong year, the only thing he can do to fix it is to reboot in >> single-user mode? I'm not convinced that this is a gain. What do >> people doing Y2K tests do? > > How about not using securelevel>1 when doing such tests? OK. Finally I've read the source. I thought that the end of /etc/rc automatically raised the secure level, but I see that this is not the case by default. I retract my objection. Greg -- See complete headers for address, home page and phone numbers finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990409115005.E2142>