version 1.8.6.1, 2009/01/17 13:29:40 |
version 1.9, 2008/11/12 12:36:28 |
Line 173 secmodel_securelevel_system_cb(kauth_cre |
|
Line 173 secmodel_securelevel_system_cb(kauth_cre |
|
|
|
case KAUTH_REQ_SYSTEM_TIME_SYSTEM: { |
case KAUTH_REQ_SYSTEM_TIME_SYSTEM: { |
struct timespec *ts = arg1; |
struct timespec *ts = arg1; |
struct timespec *delta = arg2; |
struct timeval *delta = arg2; |
|
|
/* |
/* |
* Don't allow the time to be set forward so far it |
* Don't allow the time to be set forward so far it will wrap |
* will wrap and become negative, thus allowing an |
* and become negative, thus allowing an attacker to bypass |
* attacker to bypass the next check below. The |
* the next check below. The cutoff is 1 year before rollover |
* cutoff is 1 year before rollover occurs, so even |
* occurs, so even if the attacker uses adjtime(2) to move |
* if the attacker uses adjtime(2) to move the time |
* the time past the cutoff, it will take a very long time |
* past the cutoff, it will take a very long time |
|
* to get to the wrap point. |
* to get to the wrap point. |
|
* |
|
* XXX: we check against INT_MAX since on 64-bit |
|
* platforms, sizeof(int) != sizeof(long) and |
|
* time_t is 32 bits even when atv.tv_sec is 64 bits. |
*/ |
*/ |
if (securelevel > 1 && |
if (securelevel > 1 && |
((ts->tv_sec > LLONG_MAX - 365*24*60*60) || |
((ts->tv_sec > INT_MAX - 365*24*60*60) || |
(delta->tv_sec < 0 || delta->tv_nsec < 0))) |
(delta->tv_sec < 0 || delta->tv_usec < 0))) |
result = KAUTH_RESULT_DENY; |
result = KAUTH_RESULT_DENY; |
|
|
break; |
break; |
} |
} |
|
|
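Review bot: The wrap guard in the `KAUTH_REQ_SYSTEM_TIME_SYSTEM` case hard-codes the width of `tv_sec` through a limit macro (`INT_MAX` in the 1.9 column, `LLONG_MAX` in the 1.8.6.1 column), and nothing in the visible lines ties that choice to the real type. If `tv_sec` is narrower than `long long` wherever the `LLONG_MAX` form is built, `ts->tv_sec > LLONG_MAX - 365*24*60*60` can never be true, which silently disables the cutoff that protects the negative-delta check at securelevel > 1. A compile-time assertion beside the test, for example `__CTASSERT(sizeof(ts->tv_sec) == sizeof(long long));`, would turn that assumption into a build failure. In the 1.9 column the XXX comment names `atv.tv_sec` although the code tests `ts->tv_sec`, so its last line should read `* time_t is 32 bits even when ts->tv_sec is 64 bits.` The page does not mark which column is the newer code, and the enclosing function starts and ends outside this excerpt.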