netbsd-help: Re: where does time come from?

Subject: Re: where does time come from?
To: James K. Lowden <jklowden@schemamania.org>
From: Perry E. Metzger <perry@piermont.com>
List: netbsd-help
Date: 09/25/2002 01:58:57

"James K. Lowden" <jklowden@schemamania.org> writes:
> AFAICT, my ancient 1.4.2 i386 firewall-cum-mailhub went south at 6:04 AM
[...]
> I didn't realize anything was wrong until 13 hours later, at ~19:00.

I'd strongly suggest upgrading to 1.6 by the way. 1.4.2 has more
security holes than I can name. You're inviting horror.

> What puzzles me is that on restarting, the system still thought it was
> 6:04 (or so). I killed ntpd, ran date(1) to approximate the time,
> ntpdate(8) to fix it, and restarted ntpd.
>
> Is the TOD clock initialized from time information on the root filesystem,
> or is it possible my system was compromised and tampered with?

See sys/arch/i386/isa/clock.c::inittodr()

The first comment in the function tells the story:

    /*
     * We mostly ignore the suggested time (which comes from the
     * file system) and go for the RTC clock time stored in the
     * CMOS RAM. If the time can't be obtained from the CMOS, or
     * if the time obtained from the CMOS is 5 or more years less
     * than the suggested time, we used the suggested time. (In
     * the latter case, it's likely that the CMOS battery has
     * died.)
     */

Did you ignore the following boot message?

    printf("WARNING: clock time much less than file system time\n");
    printf("WARNING: using file system time\n");

-- 
Perry E. Metzger		perry@piermont.com
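
[Added example, not part of the original message and not NetBSD's code:
a sketch of the selection rule the quoted comment describes, showing that
an RTC which is stale by hours is accepted without any warning. The names
choose_boot_time and tod_choice, the 365-day year, and the sample
timestamp are assumptions made for illustration.]

```c
#include <stdio.h>
#include <time.h>

#define SECS_PER_YEAR (365LL * 24 * 60 * 60) /* assumption: 365-day year */

enum tod_source { TOD_FROM_RTC, TOD_FROM_FS };

struct tod_choice {
	enum tod_source source;
	time_t          time;
	int             warned;  /* 1 if the quoted boot warning applies */
};

/*
 * Sketch of the rule in the quoted comment; not the kernel's code.
 * fs_time:  time suggested by the root file system
 * rtc_ok:   nonzero if the CMOS RTC could be read
 * rtc_time: value read from the CMOS RTC (ignored when !rtc_ok)
 */
static struct tod_choice
choose_boot_time(time_t fs_time, int rtc_ok, time_t rtc_time)
{
	struct tod_choice c = { TOD_FROM_FS, fs_time, 0 };

	if (!rtc_ok)
		return c;               /* CMOS unreadable: fall back */
	if ((long long)fs_time - (long long)rtc_time >= 5 * SECS_PER_YEAR) {
		c.warned = 1;           /* likely dead CMOS battery */
		return c;
	}
	c.source = TOD_FROM_RTC;        /* RTC trusted as-is, no warning */
	c.time = rtc_time;
	return c;
}

int
main(void)
{
	const time_t fs = 1032912000;   /* constructed sample value */
	/* Seconds by which the RTC is behind the file system time. */
	const long long lag[] = { -13 * 3600LL, 0, 5 * SECS_PER_YEAR - 1,
	                          5 * SECS_PER_YEAR, 6 * SECS_PER_YEAR };

	for (size_t i = 0; i < sizeof lag / sizeof lag[0]; i++) {
		struct tod_choice c = choose_boot_time(fs, 1, (time_t)(fs - lag[i]));
		printf("RTC lag %11lld s -> %s%s\n", lag[i],
		    c.source == TOD_FROM_RTC ? "RTC" : "file system",
		    c.warned ? " (WARNING printed)" : "");
	}
	return 0;
}
```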
