> > >  1) only allow /dev/clock to make small adjustments to the clock
> > > (adjtime(), ntp_adjtime(), and possibly small forward steps with
> > > settimeofday)
> > What do we consider as small?
> And isn't it enough that the sysadmin has to have changed the permissions
> on dev/clock first? 

Someone that compromised ntpd could use it to gain root?

-- 
Emmanuel Dreyfus
p99dreyf@criens.u-psud.fr