aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorAdrian Bunk <bunk@stusta.de>2006-11-17 17:42:43 +0100
committerAdrian Bunk <bunk@stusta.de>2006-11-17 17:42:43 +0100
commite6169b53986005dff5307cc8ac1f555334073d09 (patch)
treeaed0a633a1ce4f94e38192cfd20610eb940ff3df /security
parent6e16bd44c369e8fd336ef4c11116adaef6d6f3a2 (diff)
security/seclvl.c: fix time wrap (CVE-2005-4352)
initlvl=2 in seclvl gives the guarantee "Cannot decrement the system time". But it was possible to set the time to the maximum unixtime value (19 Jan 2038) resulting in a wrap to the minimum value. This patch fixes this by disallowing setting the time to any date after 2030 with initlvl=2. Signed-off-by: Adrian Bunk <bunk@stusta.de>
Diffstat (limited to 'security')
-rw-r--r--security/seclvl.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/seclvl.c b/security/seclvl.c
index 8529ea6f7aa..8ebe647b587 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -381,6 +381,8 @@ static int seclvl_settime(struct timespec *tv, struct timezone *tz)
current->group_leader->pid);
return -EPERM;
} /* if attempt to decrement time */
+ if (tv->tv_sec > 1924988400) /* disallow dates after 2030) */
+ return -EPERM; /* CVE-2005-4352 */
} /* if seclvl > 1 */
return 0;
}