From c5c924fec64d5e79cdf366bb253f15f7299db364 Mon Sep 17 00:00:00 2001 From: millert Date: Sat, 5 Apr 1997 22:06:10 +0000 Subject: [PATCH] settimeofday(2) restruction moved to secure level 2. --- sbin/init/init.8 | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sbin/init/init.8 b/sbin/init/init.8 index ba5c9da6e52..c13e19821e9 100644 --- a/sbin/init/init.8 +++ b/sbin/init/init.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: init.8,v 1.6 1997/03/26 01:59:37 deraadt Exp $ +.\" $OpenBSD: init.8,v 1.7 1997/04/05 22:06:10 millert Exp $ .\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -104,16 +104,18 @@ disks for mounted filesystems, and .Pa /dev/kmem are read-only. -The -.Xr settimeofday 2 -system call can only advance the time. .It Ic 2 Highly secure mode \- same as secure mode, plus disks are always -read-only whether mounted or not. +read-only whether mounted or not and +the +.Xr settimeofday 2 +system call can only advance the time. This level precludes tampering with filesystems by unmounting them, but also inhibits running .Xr newfs 8 -while the system is multi-user. +while the system is multi-user. Because the clock cannot +be set back in time, malicious users who have gained root +priviledges are unable to change a file's ctime. .El .Pp Normally, the system runs in level 0 mode while single user -- 2.20.1