tech-kern: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)

Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: None <tech-kern@netbsd.org>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: tech-kern
Date: 10/25/2000 22:50:09

tls@rek.tjls.com (Thor Lancelot Simon) writes:
> You know, this discussion is rather frustrating to me because all of the
> relevant details are pretty well documented.  I quote the init(8) manual
> page:

I'm glad the discussion came up.  I never noticed that init sprouted a
new more secure level 2.

I too wanted to make an compact-flash based 1-U high router and this
mode would be just the ticket.

>            The settimeofday(2) system call can only advance the
>            time.

Could a hacker set the time to 2^31-1, wait a second and then advance
the time to the desired value?

-wolfgang
-- 
       Wolfgang Rupprecht <wolfgang+gnus@dailyplanet.wsrcc.com>
		    http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/