On Mon, 09 Mar 2015 11:01:12 +0100 Jiri Slaby <jslaby@xxxxxxx> wrote: > On 03/06/2015, 02:16 PM, Raymond Jennings wrote: > > On Fri, 2015-02-27 at 18:40 +0100, Jiri Slaby wrote: > >> So check the absolute difference of times and if it large than "8 > >> seconds or so", always update the time. That means we will update > >> immediatelly when changing time. Ergo, CAP_SYS_TIME can foul the > >> check, but it was always that way. > > > > If I may ask, what is supposed to happen normally when you write to a > > tty device? I always thought the tty device was treated just like a > > normal file wrt. timestamps. > > > > Now I see a patch for 8 seconds something. > > Yes, because you do not want to be given any clue when users are typing > passwords. You could intercept the length of the password from the > pauses between key strokes (tty timestamps). On any vaguely idle box I can do the same and in fact probably far better by measuring latencies via rdtsc and continually forcing a dword out of cache in a tight loop. It's a pointless change, second granularities are not useful for most kinds of attack of this nature. Alan -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html