| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Apr 2015 09:54:50 +0200 From: Miroslav Lichvar <mlichvar@...hat.com> To: One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk> Cc: linux-kernel@...r.kernel.org, John Stultz <john.stultz@...aro.org>, Thomas Gleixner <tglx@...utronix.de>, Prarit Bhargava <prarit@...hat.com>, Richard Cochran <richardcochran@...il.com>, Arnd Bergmann <arnd@...db.de> Subject: Re: [RFC][PATCH] timekeeping: Limit system time to prevent 32-bit time_t overflow On Wed, Apr 15, 2015 at 10:31:54PM +0100, One Thousand Gnomes wrote: > On Wed, 15 Apr 2015 17:41:28 +0200 > Miroslav Lichvar <mlichvar@...hat.com> wrote: > > larger value. When the maximum is reached in normal time accumulation, > > the clock will be stepped back by one week. > > Which itself is open to exploits and dirty tricks and causes bizarre > problems. Any examples? I think it shouldn't be any worse than having system clock with incorrect time and making a backward step, which is a well understood problem. > IMHO it doesn't actually improve the situation. Do you have a 32-bit system for testing? Try "date -s @2147483600", wait one minute and see if it's not worth preventing. I think the power consumption alone is worth it. If there is some widely used application/service in which the overflow triggers an infinite loop making requests to a network service, maybe it could prevent a DDoS attack. -- Miroslav Lichvar -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists