NetBSD, architecture-dependent issues and forthcoming projects

We've been talking to a kernel developer of the NetBSD project (probably the most portable operating system out there), regarding its security status and some potential enhancements. While reading through the secmodel securelevel source, we spotted this interesting snippet:

    case KAUTH_REQ_SYSTEM_TIME_SYSTEM: {
        struct timespec *ts = arg1;
        struct timeval *delta = arg2;

        /*
         * Don't allow the time to be set forward so far it will wrap
         * and become negative, thus allowing an attacker to bypass
         * the next check below.  The cutoff is 1 year before rollover
         * occurs, so even if the attacker uses adjtime(2) to move
         * the time past the cutoff, it will take a very long time
         * to get to the wrap point.
         *
         * XXX: we check against INT_MAX since on 64-bit
         *      platforms, sizeof(int) != sizeof(long) and
         *      time_t is 32 bits even when atv.tv_sec is 64 bits.
         */
        if (securelevel > 1 &&
            ((ts->tv_sec > INT_MAX - 365*24*60*60) ||
             (delta->tv_sec < 0 || delta->tv_usec < 0)))
            result = KAUTH_RESULT_DENY;

        break;
    }
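
A user-space model of the check above, added here as an illustration (it is not code from NetBSD or from the original post). It shows where the one-year cutoff sits relative to the point at which a 64-bit second count stops fitting in a signed 32-bit time_t. The names `ts64`, `tv64`, `RESULT_DEFER`, `RESULT_DENY`, `check` and `as_time32` and the sample timestamps are assumptions, and the "next check" the comment mentions is not shown on the page and is not modelled.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins (assumed names, not the kernel's types or constants). */
enum { RESULT_DEFER, RESULT_DENY };
#define SECS_PER_YEAR (365 * 24 * 60 * 60)
struct ts64 { int64_t tv_sec; long tv_nsec; };   /* 64-bit seconds, as on LP64 */
struct tv64 { int64_t tv_sec; long tv_usec; };

/* Same predicate as the snippet; both pointers are assumed valid here. */
static int time_request(int securelevel, const struct ts64 *ts,
                        const struct tv64 *delta)
{
    if (securelevel > 1 &&
        ((ts->tv_sec > INT_MAX - SECS_PER_YEAR) ||
         (delta->tv_sec < 0 || delta->tv_usec < 0)))
        return RESULT_DENY;
    return RESULT_DEFER;
}

/* Convenience wrapper so callers can pass plain numbers. */
static int check(int securelevel, int64_t sec, int64_t dsec, long dusec)
{
    struct ts64 ts = { sec, 0 };
    struct tv64 delta = { dsec, dusec };
    return time_request(securelevel, &ts, &delta);
}

/* Value a signed 32-bit time_t holds after storing a 64-bit second count. */
static int32_t as_time32(int64_t secs)
{
    uint32_t u = (uint32_t)secs;             /* keep the low 32 bits */
    return (u & 0x80000000u) ? (int32_t)(u & 0x7fffffffu) + INT32_MIN
                             : (int32_t)u;
}

int main(void)
{
    const int64_t cutoff = (int64_t)INT_MAX - SECS_PER_YEAR;
    /* Constructed sample values: a 2008 timestamp, the cutoff, and beyond. */
    const int64_t samples[] = { 1201036980, cutoff, cutoff + 1, (int64_t)INT_MAX + 1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("tv_sec=%lld time32=%d securelevel2=%s\n",
               (long long)samples[i], (int)as_time32(samples[i]),
               check(2, samples[i], 0, 0) == RESULT_DENY ? "DENY" : "defer");
    return 0;
}
```

The comparison is strict, so a request for exactly `INT_MAX - 365*24*60*60` seconds is not denied, and nothing is denied by this predicate when `securelevel` is 1 or lower.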

About this Entry

This page contains a single entry by Subreption LLC published on January 22, 2008 9:23 PM.
