Preventing date rollback

Chuck.Phillips Chuck.Phillips at FtCollins.NCR.COM
Mon Jan 7 22:44:51 AEST 1991


You can't, period -- at least not without hardware support.  No matter what
you stat or how you may encrypt whatever information you may wish to encode
about the file system, it can be circumvented.  All the user has to do is
make a full backup of the system after the software is installed and
working.  Then, at any time in the future, the user can reset the system
clock and restore the entire file system to the state it was at the time of
the backup.

However, in commercial environments, doing this is often more expensive in
lost productivity than the software costs.  If someone is really determined
to crack your software, they can always disassemble your application and
modify your protection scheme -- even if you use a &%$# kernel patch to
obscure your protection scheme.  (There are other, more subtle ways of
hiding your protection scheme. ;^)  Like locking your house or your car, all
you can do is make the job more trouble than it's worth.

That said, if the computer manufacturer were to add a non-resettable piece
of mechanical hardware measuring the elapsed uptime of the computer and
provide a system call for accessing the elapsed time, then at least your
software could check for consistency.  (i.e. If the elapsed uptime is more
than the elapsed clock time encrypted at the time of installation, then
something funny is going on.)  As a side benefit, the elapsed uptime
information could be useful for admin folks and hardware maintainers.

#include <std/disclaimer.h>

	Cheers,
--
Chuck Phillips  MS440
NCR Microelectronics 			chuck.phillips%ftcollins.ncr.com
2001 Danfield Ct.
Ft. Collins, CO.  80525   		...uunet!ncrlnk!ncr-mpd!bach!chuckp
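
The consistency check proposed in the post above, as an added example that is not part of the original message. Assumptions: the hour-meter reading is passed in as a plain number because the system call the post asks for is hypothetical, the install record is authenticated with an HMAC rather than encrypted, and the key, function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption). A key shipped inside the product can be
# extracted by disassembly, which is the limitation the post describes.
KEY = b"constructed-demo-key"


def _tag(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def seal(install_clock, install_meter, key=KEY):
    """Build the install-time record: wall clock and hour-meter reading, both
    in seconds, plus a MAC so that edits to the record are detectable."""
    body = json.dumps({"clock": install_clock, "meter": install_meter},
                      sort_keys=True)
    return {"body": body, "tag": _tag(body, key)}


def check(record, now_clock, now_meter, slack=60, key=KEY):
    """Return 'ok', 'tampered' or 'rollback'.

    The meter only runs while the machine is powered, so elapsed uptime is a
    lower bound on elapsed real time. Uptime exceeding the claimed wall-clock
    interval means the clock was set back. Restoring the file system from a
    backup restores this record but cannot rewind the hardware meter."""
    if not hmac.compare_digest(_tag(record["body"], key), record["tag"]):
        return "tampered"
    base = json.loads(record["body"])
    uptime = now_meter - base["meter"]
    wall = now_clock - base["clock"]
    if uptime < 0:
        # A non-resettable meter cannot run backwards: the record belongs to
        # another machine or was forged.
        return "tampered"
    if uptime > wall + slack:  # slack absorbs small read-time skew
        return "rollback"
    return "ok"


if __name__ == "__main__":
    DAY = 86_400
    rec = seal(install_clock=1_000_000, install_meter=5_000)
    # Honest use: 30 days later, machine was powered for 10 of them.
    print(check(rec, 1_000_000 + 30 * DAY, 5_000 + 10 * DAY))
    # Backup restored and clock reset to install + 1 day after 40 days of uptime.
    print(check(rec, 1_000_000 + 1 * DAY, 5_000 + 40 * DAY))
```

A machine that is mostly powered off accumulates little uptime, so this check only catches rollbacks larger than the idle time since installation.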
