  1. POSIX compliant way to tell if system rebooted?
    <p>I'm writing some highly portable security code. I'm trying to avoid a security flaw in a utility program such as <a href="http://packetstormsecurity.com/files/122965" rel="noreferrer">this one</a> found in some versions of <code>sudo</code>:</p>
    <blockquote> <p>... it is possible to become the super user by running <code>sudo -k</code> and then resetting the system clock to 01-01-1970.</p> </blockquote>
    <p>This happens because <code>sudo</code> relies on absolute (aka calendar) time to determine whether or not access has timed out.</p>
    <p>My idea is to use <code>CLOCK_MONOTONIC</code> defined in <code>time.h</code>.</p>
    <p>From the <a href="http://pubs.opengroup.org/onlinepubs/009695399/basedefs/time.h.html#tag_13_76" rel="noreferrer">POSIX standard</a>,</p>
    <blockquote> <p>[CLOCK_MONOTONIC is] defined as a clock whose value cannot be set via clock_settime() and which cannot have backward clock jumps. The maximum possible clock jump shall be implementation-defined.</p> </blockquote>
    <p>Problem is, on many (most?) systems, <code>CLOCK_MONOTONIC</code> resets on reboot. <strong>Is there any <em>guaranteed</em> POSIX-compliant way to determine whether or not the system has rebooted since a program last ran?</strong></p>
    <p>One (bad) way is to check whether or not the stored clock value is greater than the current clock value; however, this just shifts the problem. On systems where <code>CLOCK_MONOTONIC</code> resets on reboot, there could be a short window of length <code>TIMEOUT</code> where access would be permitted.</p>
    <p>What am I missing that would avoid this problem?</p>
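
The two timeout checks discussed in the question, as an added example that is not part of the original post and is not sudo's code. The `TIMEOUT` value, the function names and all timestamps are constructed assumptions, and the monotonic clock is assumed to restart from 0 on reboot.

```c
/* Added example: hypothetical names, constructed values. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <time.h>

#define TIMEOUT 300 /* seconds a ticket stays valid (assumed value) */

/* Calendar-time check: valid while 0 <= now - stored < TIMEOUT.
   'now' comes from a settable clock, so an expired ticket becomes
   valid again if the clock is moved back into the window. */
int ticket_ok_calendar(time_t stored, time_t now)
{
    return now >= stored && now - stored < TIMEOUT;
}

/* Monotonic check using the "stored > now means rebooted" heuristic
   from the question. Returns 1 = accept, 0 = reject. */
int ticket_ok_monotonic(time_t stored, time_t now)
{
    if (stored > now)           /* clock went backwards: assume reboot */
        return 0;
    return now - stored < TIMEOUT;
}

/* Seconds of uptime after a reboot during which a ticket stored at
   monotonic value 'stored' in the PREVIOUS boot is still accepted. */
long stale_accept_window(time_t stored)
{
    long n = 0;
    for (time_t up = 0; up < stored + 2 * TIMEOUT; up++)
        n += ticket_ok_monotonic(stored, up);
    return n;
}

int main(void)
{
    struct timespec ts;
    if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
        perror("clock_gettime");
        return 1;
    }
    printf("CLOCK_MONOTONIC now: %lld s\n", (long long)ts.tv_sec);
    printf("stale ticket (stored=1000) accepted for %ld s after reboot\n",
           stale_accept_window(1000));
    return 0;
}
```

The heuristic rejects a stale ticket only while the new boot's uptime is below the stored value; once uptime reaches it, the ticket from the previous boot is accepted for a full `TIMEOUT`.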
 
