From nsayer@medusa.kfu.com Tue Mar  2 15:36:54 1999
Return-Path: <nsayer@medusa.kfu.com>
Received: from quack.kfu.com (quack.kfu.com [170.1.70.2])
	by hub.freebsd.org (Postfix) with ESMTP id 706FF14D23
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  2 Mar 1999 15:36:49 -0800 (PST)
	(envelope-from nsayer@medusa.kfu.com)
Received: from medusa.kfu.com (medusa.kfu.com [170.1.70.5])
	by quack.kfu.com (8.8.7/8.8.5) with ESMTP id PAA15911
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 2 Mar 1999 15:36:19 -0800 (PST)
Received: (from nsayer@localhost)
	by medusa.kfu.com (8.8.8/8.8.8) id PAA08912;
	Tue, 2 Mar 1999 15:36:19 -0800 (PST)
	(envelope-from nsayer)
Message-Id: <199903022336.PAA08912@medusa.kfu.com>
Date: Tue, 2 Mar 1999 15:36:19 -0800 (PST)
From: Nick Sayer <nsayer@quack.kfu.com>
Sender: nsayer@medusa.kfu.com
Reply-To: nsayer@quack.kfu.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: securelevel>=1 too restrictive on time changes
X-Send-Pr-Version: 3.2

>Number:         10361
>Category:       kern
>Synopsis:       securelevel>=1 too restrictive on time changes
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar  2 15:40:01 PST 1999
>Closed-Date:    Wed Apr 7 09:37:11 PDT 1999
>Last-Modified:  Wed Apr  7 09:37:43 PDT 1999
>Originator:     Nick Sayer
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
Just me
>Environment:

>Description:

securelevel>0 does not allow negative time changes. While the
idea is laudable, it causes problems for xntpd on new machines
that have to step the clock at first in order to get "dialed in"
Perhaps allowing changes of a couple seconds or less or something
that should be done instead. Either that or xntpd should have a
(non-compile) option to disallow stepping.

>How-To-Repeat:

>Fix:
	

>Release-Note:
>Audit-Trail:

From: patl@phoenix.volant.org
To: nsayer@quack.kfu.com
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/10361: securelevel>=1 too restrictive on time changes
Date: Wed, 3 Mar 1999 10:57:24 -0800 (PST)

  securelevel>0 does not allow negative time changes. While the
 > idea is laudable, it causes problems for xntpd on new machines
 > that have to step the clock at first in order to get "dialed in"
 > Perhaps allowing changes of a couple seconds or less or something
 > that should be done instead. Either that or xntpd should have a
 > (non-compile) option to disallow stepping.
 
 As a work-around, try running ntpdate once during startup before
 starting xntpd or increasing the securelevel.
 
 
 
 -Pat
 
State-Changed-From-To: open->closed 
State-Changed-By: nsayer 
State-Changed-When: Wed Apr 7 09:37:11 PDT 1999 
State-Changed-Why:  
Committed improved code to clamp negative adjustments 
>Unformatted:
