author | Todd C. Miller <millert@cvs.openbsd.org> | 1997-04-05 22:06:11 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1997-04-05 22:06:11 +0000 |
commit | ebb808b9f530686a1afba78937ce81569f1fbcba (patch) | |
tree | 3484d1a9771833c1af90fe0ad527883e979fcc94 /sbin/init | |
parent | 1787be53ace76bc6ac756a0f83d01a083614bb99 (diff) |
settimeofday(2) restriction moved to secure level 2.
Diffstat (limited to 'sbin/init')
-rw-r--r-- | sbin/init/init.8 | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/sbin/init/init.8 b/sbin/init/init.8 index ba5c9da6e52..c13e19821e9 100644 --- a/sbin/init/init.8 +++ b/sbin/init/init.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: init.8,v 1.6 1997/03/26 01:59:37 deraadt Exp $ +.\" $OpenBSD: init.8,v 1.7 1997/04/05 22:06:10 millert Exp $ .\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $ .\" .\" Copyright (c) 1980, 1991, 1993 @@ -104,16 +104,18 @@ disks for mounted filesystems, and .Pa /dev/kmem are read-only. -The -.Xr settimeofday 2 -system call can only advance the time. .It Ic 2 Highly secure mode \- same as secure mode, plus disks are always -read-only whether mounted or not. +read-only whether mounted or not and +the +.Xr settimeofday 2 +system call can only advance the time. This level precludes tampering with filesystems by unmounting them, but also inhibits running .Xr newfs 8 -while the system is multi-user. +while the system is multi-user. Because the clock cannot +be set back in time, malicious users who have gained root +priviledges are unable to change a file's ctime. .El .Pp Normally, the system runs in level 0 mode while single user |
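Review bot: In the second hunk (@@ -104,16 +104,18 @@), the added closing sentence says users with root are "unable to change a file's ctime", which overstates the guarantee. The same hunk documents that settimeofday(2) "can only advance the time", so the clock can still be moved forward and a later ctime produced. Suggest wording it as being unable to set a file's ctime back to an earlier time. In the same sentence, "priviledges" should be "privileges". As an mdoc style point, "Because the clock cannot" should start on its own source line instead of following "while the system is multi-user." on the same line, and "read-only whether mounted or not and the ... system call" would read better with a comma before "and".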