Bugtraq mailing list archives

Re: Security Hole in Axent ESM


From: shields () CROSSLINK NET (Michael Shields)
Date: Mon, 31 Aug 1998 18:24:30 +0000


In article <199808300501.BAA08612 () Bahamut dragonfire net>,
Andy Church <achurch () DRAGONFIRE NET> wrote:
     In other words, if you can't manually set the clock back, get the
system to do it for you.  And if the system doesn't allow the clock to
"turn over", then all sorts of things will go bonkers when the clock hits
its maximum (cron jobs, for one), turning this into a DoS of sorts.  So I
don't see this as a particularly effective measure.  One way I could see to
make this more effective would be to use 64-bit times and disallow both
setting the clock back and changing the top 2 bits to anything other than
zero.  This would break the rollover attack without causing any premature
Y2k-like problems (2^62 seconds ~= 10^13 years).

This is still a DOS of sorts, as you can set the clock to 2^62-1, and
then it will be impossible to return the clock to the correct time
without rebooting.  Many things will probably be unhappy to find
themselves 10^13 years in the future.
--
Shields, CrossLink.
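
Added example, not part of either message: a small C model of the policy proposed in the quoted text (64-bit time, no setting the clock back, top 2 bits kept zero), replaying the sequence described in the reply. The names `model_clock`, `model_settime`, `model_headroom` and `model_replay` are hypothetical, the timestamp is a constructed sample, and no real system clock is touched.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the proposed policy: a 64-bit clock that may never
 * be set backwards and whose top 2 bits must stay zero. */
#define CLOCK_LIMIT ((uint64_t)1 << 62)  /* first value with a top bit set */

typedef struct { uint64_t now; } model_clock;

/* Returns 0 and applies the change if the policy allows it, -1 otherwise. */
int model_settime(model_clock *c, uint64_t t)
{
    if (t < c->now)
        return -1;                       /* setting the clock back is refused */
    if (t >= CLOCK_LIMIT)
        return -1;                       /* top 2 bits must remain zero */
    c->now = t;
    return 0;
}

/* How far forward the clock can still be set under the policy. */
uint64_t model_headroom(const model_clock *c)
{
    return CLOCK_LIMIT - 1 - c->now;
}

/* Replays the sequence from the reply: one permitted forward set to 2^62-1,
 * then an attempt to restore the real time. Returns the result of the
 * restore attempt (-1 means the model clock cannot be corrected). */
int model_replay(uint64_t real_time)
{
    model_clock c = { real_time };
    if (model_settime(&c, CLOCK_LIMIT - 1) != 0)
        return 1;                        /* policy refused the forward jump */
    return model_settime(&c, real_time);
}

int main(void)
{
    uint64_t real_time = 904587870;      /* constructed sample timestamp */
    model_clock c = { real_time };

    printf("headroom before: %llu\n", (unsigned long long)model_headroom(&c));
    printf("restore after jump to 2^62-1: %d\n", model_replay(real_time));
    return 0;
}
```

The policy accepts the jump to 2^62-1 because it is both forward and below the limit; after that every other value is either backwards or has a top bit set, so the model has no accepted path back to the correct time.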


