security/seclvl.c: fix time wrap (CVE-2005-4352)

initlvl=2 in seclvl gives the guarantee "Cannot decrement the system time". But it was possible to set the time to the maximum unixtime value (19 Jan 2038) resulting in a wrap to the minimum value. This patch fixes this by disallowing setting the time to any date after 2030 with initlvl=2. Signed-off-by: Adrian Bunk <bunk@stusta.de>

security/seclvl.c: fix time wrap (CVE-2005-4352)
initlvl=2 in seclvl gives the guarantee "Cannot decrement the system time". But it was possible to set the time to the maximum unixtime value (19 Jan 2038) resulting in a wrap to the minimum value. This patch fixes this by disallowing setting the time to any date after 2030 with initlvl=2. Signed-off-by: Adrian Bunk <bunk@stusta.de>
e6169b53 · Adrian Bunk · 6e16bd44 · e6169b53
Commit e6169b53 authored Nov 17, 2006 by Adrian Bunk
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

security/seclvl.c security/seclvl.c +2 -0

No files found.
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -381,6 +381,8 @@ static int seclvl_settime(struct timespec *tv, struct timezone *tz)
 				      current->group_leader->pid);
 			return -EPERM;
 		}		/* if attempt to decrement time */
+		if (tv->tv_sec > 1924988400)	/* disallow dates after 2030) */
+			return -EPERM;		/* CVE-2005-4352 */
 	}			/* if seclvl > 1 */
 	return 0;
 }