NetworkManager time sync
C. Scott Ananian
cscott at laptop.org
Wed Jul 7 12:52:05 EDT 2010
On Wed, Jul 7, 2010 at 12:20 PM, Martin Langhoff
<martin.langhoff at gmail.com> wrote:
> On Mon, Jul 5, 2010 at 11:52 PM, Daniel Drake <dsd at laptop.org> wrote:
>> While we have your attention on this topic...
>> Do you not think that this is a security issue? In that a thief could
>> put a laptop on a network with rigged DNS and have control over the
>> time/date on the laptop?
>
> We *really* have to get OFW clock checks working -- then this
> disappears as an issue. I really want to be able to use ntp (at least
> ntpdate on NM successful connect). The OATS clock sync is very rough
> -- on purpose.
I believe my proposal was to use OFW protected execution to replace
"trust the RTC clock" -- which is pretty daft, even if theoretically
vserver would let you isolate that priviledge domain -- with having
OFW keep a monotonically increasing counter of CPU time (not "real
time"). Theft-deterrence leases would be then good for a certain
amount of CPU time, and you can screw with your RTC all you like.
("CPU time" is also guaranteed to increase by some amount on every
boot, so the lease also roughly limits "number of boots".)
I think wad said he managed to squeeze the hardware to enable this
into the latest generation, but I don't know if the support was ever
fully integrated. It's mostly a OFW/EC hack, since all the privileged
code is removed from the OS in this case.
--scott
--
( http://cscott.net/ )
More information about the Devel
mailing list