clock riddle

[Steve Grubb]

On Tuesday 24 February 2009 01:40:40 am Gregory Maxwell wrote:
> This shouldn't have been sent to this list: It should have been filed
> as a confidential bug, it's CERT announcement material.  I guess its
> too late now.

Yes, I think so, too. From a security PoV, this creates a big problem in log 
correlation. An attacker can create a misleading audit trail that might make 
something look like it happened at one time while it really happened at 
another. You also have time based authentications that could allow access at 
disallowed times, and you can also prevent cron jobs from running that 
perhaps would have found an intrusion.

A bug should be filed and this should be fixed in all affected releases ASAP.

-Steve