authorNick Sayer <nsayer@FreeBSD.org>1999-04-07 16:36:56 +0000
committerNick Sayer <nsayer@FreeBSD.org>1999-04-07 16:36:56 +0000
commitfcae3aa61f4ad12abec2048d769d6211e3fa91c2 (patch)
treeab7f09a21bb3c8a30abfe764dc09608976dd199f
parent953e5998b393cd9df3493c4f5b7ae63bfa56dec2 (diff)
Notes
-rw-r--r--sys/kern/kern_time.c35
1 files changed, 27 insertions, 8 deletions
diff --git a/sys/kern/kern_time.c b/sys/kern/kern_time.c
index 4d9d0f90d464..c699c22d000b 100644
--- a/sys/kern/kern_time.c
+++ b/sys/kern/kern_time.c
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)kern_time.c 8.1 (Berkeley) 6/10/93
- * $Id: kern_time.c,v 1.60 1999/01/27 21:49:56 dillon Exp $
+ * $Id: kern_time.c,v 1.61 1999/02/25 15:54:05 bde Exp $
*/
#include <sys/param.h>
@@ -78,7 +78,8 @@ static int
settime(tv)
struct timeval *tv;
{
- struct timeval delta, tv1;
+ struct timeval delta, tv1, tv2;
+ static struct timeval maxtime;
struct timespec ts;
int s;
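Review bot: The new `static struct timeval maxtime;` is persistent state that the securelevel check relies on, but nothing at the declaration says so. A one-line comment such as `/* highest time seen so far; floor for backward steps when securelevel > 1 */` would make its role and lifetime clear. The comment should also name whatever serializes access to it, which this hunk does not show. settime's body continues outside the hunk.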
@@ -89,13 +90,31 @@ settime(tv)
/*
* If the system is secure, we do not allow the time to be
- * set to an earlier value (it may be slowed using adjtime,
- * but not set back). This feature prevent interlopers from
- * setting arbitrary time stamps on files.
+ * set to a value earlier than 1 second less than the highest
+ * time we have yet seen. The worst a miscreant can do in
+ * this circumstance is "freeze" time. He couldn't go
+ * back to the past.
*/
- if (delta.tv_sec < 0 && securelevel > 1) {
- splx(s);
- return (EPERM);
+ if (securelevel > 1) {
+ if (delta.tv_sec < 0 || delta.tv_usec < 0) {
+ if ( tv1.tv_sec > maxtime.tv_sec )
+ maxtime=tv1;
+ tv2=*tv;
+ timevalsub( &tv2, &maxtime );
+ if ( tv2.tv_sec < -1 ) {
+ tv.tv_sec=maxtime.tv_sec-1;
+ printf("Time adjustment clamped to -1 second\n");
+ }
+ }
+ else {
+ /* XXX
+ * We have to figure out how to be secure
+ * in this case. Allowing arbitrary
+ * positive increases allows a miscreant
+ * to simply wrap time around the end
+ * of time.
+ */
+ }
}
ts.tv_sec = tv->tv_sec;
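Review bot: The clamp line `tv.tv_sec=maxtime.tv_sec-1;` applies `.` to `tv`, which the function header declares as `struct timeval *tv`, so it should not compile; it needs `tv->tv_sec = maxtime.tv_sec - 1;`, matching the `tv->tv_sec` use just below. Once the clamp works, `delta` still holds the difference computed from the unclamped request before this block, so if later code outside the hunk applies `delta` to other clocks it should be recomputed after the clamp. The clamp also leaves `tv_usec` as the caller supplied it, so the result can land somewhat more than one second behind `maxtime`. The code that sets `delta` and `tv1` lies outside the hunk.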