Re: [PATCH ghak10 v8 2/2] ntp: Audit NTP parameters adjustment

From: Paul Moore
Date: Mon Apr 15 2019 - 18:28:53 EST


On Wed, Apr 10, 2019 at 5:14 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> Emit an audit record every time selected NTP parameters are modified
> from userspace (via adjtimex(2) or clock_adjtime(2)). These parameters
> may be used to indirectly change the system clock, and thus their
> modifications should be audited.
>
> Such events will now generate records of type AUDIT_TIME_ADJNTPVAL
> containing the following fields:
>   - op -- which value was adjusted:
>     - offset -- corresponding to the time_offset variable
>     - freq   -- corresponding to the time_freq variable
>     - status -- corresponding to the time_status variable
>     - adjust -- corresponding to the time_adjust variable
>     - tick   -- corresponding to the tick_usec variable
>     - tai    -- corresponding to the timekeeping's TAI offset
>   - old -- the old value
>   - new -- the new value
>
> Example records:
>
> type=TIME_ADJNTPVAL msg=audit(1530616044.507:7): op=status old=64 new=8256
> type=TIME_ADJNTPVAL msg=audit(1530616044.511:11): op=freq old=0 new=49180377088000
>
> The records of this type will be associated with the corresponding
> syscall records.
>
> An overview of parameter changes that can be done via do_adjtimex()
> (based on information from Miroslav Lichvar) and whether they are
> audited:
>   __timekeeping_set_tai_offset() -- sets the offset from the
>                                     International Atomic Time
>                                     (AUDITED)
>   NTP variables:
>     time_offset -- can adjust the clock by up to 0.5 seconds per call
>                    and also speed it up or slow down by up to about
>                    0.05% (43 seconds per day) (AUDITED)
>     time_freq -- can speed up or slow down by up to about 0.05%
>                  (AUDITED)
>     time_status -- can insert/delete leap seconds and it also enables/
>                    disables synchronization of the hardware real-time
>                    clock (AUDITED)
>     time_maxerror, time_esterror -- change error estimates used to
>                                     inform userspace applications
>                                     (NOT AUDITED)
>     time_constant -- controls the speed of the clock adjustments that
>                      are made when time_offset is set (NOT AUDITED)
>     time_adjust -- can temporarily speed up or slow down the clock by up
>                    to 0.05% (AUDITED)
>     tick_usec -- a more extreme version of time_freq; can speed up or
>                  slow down the clock by up to 10% (AUDITED)
>
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> Reviewed-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> Reviewed-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> ---
> include/linux/audit.h | 61 ++++++++++++++++++++++++++++++++++++++
> include/uapi/linux/audit.h | 1 +
> kernel/auditsc.c | 22 ++++++++++++++
> kernel/time/ntp.c | 22 ++++++++++++--
> kernel/time/ntp_internal.h | 4 ++-
> kernel/time/timekeeping.c | 7 ++++-
> 6 files changed, 112 insertions(+), 5 deletions(-)

Merged into audit/next, thanks.

--
paul moore
www.paul-moore.com
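
The following is an added example, not part of this thread or of the patch: a log-side parser for the TIME_ADJNTPVAL records described in the commit message, which decodes `op=status` changes into STA_* bit names from `<linux/timex.h>` and flags changes for review. The watch lists (`WATCHED_BITS`, `WATCHED_OPS`) are an assumed triage policy, and the last two sample records are constructed.

```python
import re

# STA_* bits as defined in the Linux uapi header <linux/timex.h> (subset).
STA_FLAGS = {
    0x0001: "STA_PLL", 0x0008: "STA_FLL", 0x0010: "STA_INS",
    0x0020: "STA_DEL", 0x0040: "STA_UNSYNC", 0x0080: "STA_FREQHOLD",
    0x2000: "STA_NANO", 0x4000: "STA_MODE", 0x8000: "STA_CLK",
}
# Assumed triage policy (not from the patch): leap-second and sync bits,
# plus the tick and TAI offset changes, are the ones sent for review.
WATCHED_BITS = {"STA_INS", "STA_DEL", "STA_UNSYNC"}
WATCHED_OPS = {"tick", "tai"}
RECORD_RE = re.compile(
    r"type=TIME_ADJNTPVAL msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"op=(?P<op>\w+) old=(?P<old>-?\d+) new=(?P<new>-?\d+)")

def parse_record(line):
    """Return the fields of a TIME_ADJNTPVAL record, or None for other lines."""
    m = RECORD_RE.search(line)
    if not m:
        return None
    # "event" is the timestamp:serial pair shared with the syscall record.
    return {"event": f"{m['ts']}:{m['serial']}", "op": m["op"],
            "old": int(m["old"]), "new": int(m["new"])}

def status_diff(old, new):
    """Name the status bits set and cleared between old and new."""
    def names(mask):
        bits = (1 << i for i in range(16))
        return [STA_FLAGS.get(b, hex(b)) for b in bits if mask & b]
    return names(new & ~old), names(old & ~new)

def triage(lines):
    """Return (event, op, detail) tuples for changes the policy wants reviewed."""
    findings = []
    for rec in filter(None, map(parse_record, lines)):
        if rec["op"] == "status":
            set_bits, cleared = status_diff(rec["old"], rec["new"])
            hits = sorted(WATCHED_BITS & set(set_bits + cleared))
            if hits:
                findings.append((rec["event"], "status", "toggled " + ",".join(hits)))
        elif rec["op"] in WATCHED_OPS and rec["old"] != rec["new"]:
            findings.append((rec["event"], rec["op"], f"{rec['old']} -> {rec['new']}"))
    return findings

SAMPLE = [  # first two: records from the commit message; last two: constructed
    "type=TIME_ADJNTPVAL msg=audit(1530616044.507:7): op=status old=64 new=8256",
    "type=TIME_ADJNTPVAL msg=audit(1530616044.511:11): op=freq old=0 new=49180377088000",
    "type=TIME_ADJNTPVAL msg=audit(1530616100.001:20): op=tick old=10000 new=11000",
    "type=TIME_ADJNTPVAL msg=audit(1530616100.002:21): op=status old=8256 new=8272",
]
```

The `event` value is what ties each record back to its syscall record, so a finding can be joined to the calling process in the same audit event.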