From: Miroslav Lichvar <mlichvar@redhat.com>
To: Ondrej Mosnacek <omosnace@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
linux-audit@redhat.com, Paul Moore <paul@paul-moore.com>,
Richard Guy Briggs <rgb@redhat.com>,
Steve Grubb <sgrubb@redhat.com>,
John Stultz <john.stultz@linaro.org>,
Stephen Boyd <sboyd@kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [RFC PATCH ghak10 v4 0/2] audit: Log modifying adjtimex(2) calls
Date: Tue, 21 Aug 2018 09:21:14 +0200 [thread overview]
Message-ID: <20180821072114.GC23069@localhost> (raw)
In-Reply-To: <alpine.DEB.2.21.1808201721350.1551@nanos.tec.linutronix.de>
> On Mon, 20 Aug 2018, Ondrej Mosnacek wrote:
> > @John or other timekeeping/NTP folks: We had a discussion on the audit
> > ML on which of the internal timekeeping/NTP variables we should actually
> > log changes for. We are only interested in variables that can (directly
> > or indirectly) cause noticeable changes to the system clock, but since we
> > have only limited understanding of the NTP code, we would like to ask
> > you for advice on which variables are security relevant.
I guess that mostly depends on whether you consider setting the clock
to run faster or slower than real time to be an important event for
the audit.
> > - NTP value adjustments:
> > - time_offset (probably important)
This can adjust the clock by up to 0.5 seconds per call and also speed
it up or slow down by up to about 0.05% (43 seconds per day).
> > - time_freq (maybe not important?)
This can speed up or slow down by up to about 0.05%.
> > - time_status (likely important, can cause leap second injection)
Yes, it can insert/delete leap seconds and it also enables/disables
synchronization of the hardware real-time clock.
> > - time_maxerror (maybe not important?)
> > - time_esterror (maybe not important?)
These two change the error estimates that are reported to applications
using ntp_gettime()/adjtimex(). If an application was periodically
checking that the clock is synchronized with some specified accuracy
and setting the maxerror to a larger value would cause the application
to abort, would it be an important event in the audit?
> > - time_constant (???)
This controls the speed of the clock adjustments that are made when
time_offset is set. Probably not important for the audit.
> > - time_adjust (sounds important)
This is similar to time_freq. It can temporarily speed up or slow down
the clock by up to 0.05%.
> > - tick_usec (???)
This is a more extreme version of time_freq. It can speed up or slow
down the clock by up to 10%.
--
Miroslav Lichvar
next prev parent reply other threads:[~2018-08-21 7:21 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-20 12:38 [RFC PATCH ghak10 v4 0/2] audit: Log modifying adjtimex(2) calls Ondrej Mosnacek
2018-08-20 12:38 ` [RFC PATCH ghak10 v4 1/2] audit: Add functions to log time adjustments Ondrej Mosnacek
2018-08-20 12:38 ` [RFC PATCH ghak10 v4 2/2] timekeeping/ntp: Audit clock/NTP params adjustments Ondrej Mosnacek
2018-08-20 15:21 ` [RFC PATCH ghak10 v4 0/2] audit: Log modifying adjtimex(2) calls Thomas Gleixner
2018-08-21 7:21 ` Miroslav Lichvar [this message]
2018-08-22 21:27 ` Paul Moore
2018-08-22 21:27 ` Paul Moore
2018-08-23 9:14 ` Ondrej Mosnacek
2018-08-23 11:50 ` Paul Moore
2018-08-24 14:56 ` Steve Grubb
2018-09-13 13:58 ` Ondrej Mosnacek
2018-09-13 13:58 ` Ondrej Mosnacek
2018-09-13 14:07 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180821072114.GC23069@localhost \
--to=mlichvar@redhat.com \
--cc=john.stultz@linaro.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=rgb@redhat.com \
--cc=sboyd@kernel.org \
--cc=sgrubb@redhat.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.