From: millert <millert@openbsd.org>
Date: Sat, 5 Apr 1997 22:06:10 +0000 (+0000)
Subject: settimeofday(2) restruction moved to secure level 2.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c5c924fec64d5e79cdf366bb253f15f7299db364;p=openbsd

settimeofday(2) restruction moved to secure level 2.
---

diff --git a/sbin/init/init.8 b/sbin/init/init.8
index ba5c9da6e52..c13e19821e9 100644
--- a/sbin/init/init.8
+++ b/sbin/init/init.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: init.8,v 1.6 1997/03/26 01:59:37 deraadt Exp $
+.\"	$OpenBSD: init.8,v 1.7 1997/04/05 22:06:10 millert Exp $
 .\"	$NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $
 .\"
 .\" Copyright (c) 1980, 1991, 1993
@@ -104,16 +104,18 @@ disks for mounted filesystems,
 and
 .Pa /dev/kmem
 are read-only.
-The
-.Xr settimeofday 2
-system call can only advance the time.
 .It Ic 2
 Highly secure mode \- same as secure mode, plus disks are always
-read-only whether mounted or not.
+read-only whether mounted or not and
+the
+.Xr settimeofday 2
+system call can only advance the time.
 This level precludes tampering with filesystems by unmounting them,
 but also inhibits running
 .Xr newfs 8
-while the system is multi-user.
+while the system is multi-user.  Because the clock cannot
+be set back in time, malicious users who have gained root
+priviledges are unable to change a file's ctime.
 .El
 .Pp
 Normally, the system runs in level 0 mode while single user