Don't allow the time to be set forward so far it will wrap and become negative,

thus allowing an attacker to bypass the next check below.  The cutoff is 1 year
before rollover occurs, so even if the attacker uses adjtime(2) to move the
time past the cutoff, it will take a very long time to get to the wrap point.
The actual check is tv_sec > INT_MAX - 365*24*60*60 because on 64 bit platforms
tv_sec is 64 bits but time_t is 32 bits.  This will need to be changed some
time in the future when the size of time_t changes.

Add a printf when a user tries to turn the clock backwards and securelevel > 1

0 files changed, 0 insertions, 0 deletions