On Mon, 09 Aug 2004 12:04:53 EDT, James Morris said: > Is there a good paper describing the threat model for Secure Levels? Or > can you explain why specifically decrementing the system time is something > you would want to stop root from doing? Anybody who's had a cron job run twice at 2:30AM on a Daylight Savings change day knows exactly why you want a monotonically increasing system clock. ;) (Yes, the cron example is due to $TZ brain damage - but more generally, a backwards step of the clock can potentially be exploited - Really Dumb Example: 1) log on at 03:01 2) Kick system time back to 16:59 the previous day 3) Run bogus copy of "must run inside 8-5" payroll job or similar time-locked app. 4) Kick system time back to 03:01 Ponder pam_time.so and pam_timestamp.so.... ;)
This archive was generated by hypermail 2.1.3 : Mon Aug 09 2004 - 18:37:31 PDT