Subject: kern/13158: settime() fail to splx when securelevel is set
To: None <>
From: None <>
List: netbsd-bugs
Date: 06/07/2001 08:40:08
>Number:         13158
>Category:       kern
>Synopsis:       settime() fail to splx when securelevel is set
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jun 10 15:18:00 PDT 2001
>Originator:     Love
>Release:        NetBSD-1.5V
	Stacken Computer Club
System: NetBSD 1.5V NetBSD 1.5V (NUTCRACKER) #20: Wed Jun 6 01:02:14 CEST 2001 i386
Architecture: i386
Machine: i386

	settime(): kern/kern_time.c contain the following code:

	s = splclock();
	timersub(tv, &time, &delta);
	if ((delta.tv_sec < 0 || delta.tv_usec < 0) && securelevel > 1)
		return (EPERM);
	return (0);

	So if securelevel is set the interrupt priority is never
	lowered and the machine will wack it self on syscall exit (or
	somewere else)

	This is not a security hole since it done after a suser() check.


	Read the code


	Obvious, don't forget the notyet:ed code.