authorAdrian Bunk <bunk@stusta.de>2006-11-17 17:42:43 +0100
committerAdrian Bunk <bunk@stusta.de>2006-11-17 17:42:43 +0100
commite6169b53986005dff5307cc8ac1f555334073d09 (patch)
treeaed0a633a1ce4f94e38192cfd20610eb940ff3df
parent6e16bd44c369e8fd336ef4c11116adaef6d6f3a2 (diff)
security/seclvl.c: fix time wrap (CVE-2005-4352)
initlvl=2 in seclvl gives the guarantee "Cannot decrement the system time". But it was possible to set the time to the maximum unixtime value (19 Jan 2038) resulting in a wrap to the minimum value. This patch fixes this by disallowing setting the time to any date after 2030 with initlvl=2. Signed-off-by: Adrian Bunk <bunk@stusta.de>
-rw-r--r--security/seclvl.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/seclvl.c b/security/seclvl.c
index 8529ea6f7aa8..8ebe647b587d 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -381,6 +381,8 @@ static int seclvl_settime(struct timespec *tv, struct timezone *tz)
current->group_leader->pid);
return -EPERM;
} /* if attempt to decrement time */
+ if (tv->tv_sec > 1924988400) /* disallow dates after 2030) */
+ return -EPERM; /* CVE-2005-4352 */
} /* if seclvl > 1 */
return 0;
}
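Review bot: The added `if (tv->tv_sec > 1924988400)` branch returns -EPERM silently, so a blocked attempt to push the clock towards the wrap point leaves no audit record. The decrement branch just above it appears to finish a log call (`current->group_leader->pid);`) before its own `return -EPERM;`, and the new branch should emit a matching warning through the same helper. The limit is also a bare magic number: 1924988400 is 2030-12-31 23:00:00 UTC, which looks like local midnight at +0100 rather than a UTC boundary. Consider naming it, e.g. `#define SECLVL_MAX_TIME_SEC 1924988400 /* 2030-12-31 23:00:00 UTC */`, testing `tv->tv_sec > SECLVL_MAX_TIME_SEC`, and dropping the stray `)` from the comment so it reads `/* disallow dates after 2030 */`. seclvl_settime begins outside this hunk, so the NULL handling of `tv` and the enclosing `seclvl > 1` condition cannot be confirmed from here.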