-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Datastore: System clocks do step back #603
Comments
Or... should the system clock step back check exist at all? |
I think the step back check has a valid purpose, but it should allow for a short window of variance (1s? 3s?). |
Maybe, but it only protects against an attack vector where the system clock steps back during the metadata validation process. I don't think there's anything stopping an attacker from setting the system clock back before the whole process starts, which seems easier to do in the first place. I don't have a total grasp over the attack vector and the mitigation that Line 590 in d5c30ee
What's missing is why. What are we mitigating exactly.
This kind of illustrates the problem. What is a valid fudge factor for bad clocks? Who knows? |
Put differently, is there a critical point in the metadata validation algorithm in which stepping the clock back would be more beneficial to an attacker than having done that before the start of the algorithm? |
The
system_time
function in the data store is designed to prevent a clock from stepping back while reading targets; however, some systems do step back. Should there be a tolerance for the stepped back time?The text was updated successfully, but these errors were encountered: