< Previous by Date	Date Index	Next by Date >
	Thread Index	Next in Thread >

[reSIProcate] Timer vulnerability

From: Kenneth Ho <kenho@xxxxxxxxxxxxxx>
Date: Mon, 04 Apr 2005 14:16:17 +0800

We are experiencing users hacking our client software on windows. Theydo so by manipulating windows system time. Which causes timers to befired prematurely and incur undesired behavior in the stack.

As a counter to these hacks, I plan to change Timer::getSystemTime() touse GetTickCount() instead of GetSystemTime() for windows. The drawbacksare:1. The value returned would have less precision. From 1/million secondto 1/thousand second, but remain the same unit (1/million second). Whichshould not be a big deal, at least on Windows anyhow.2. The value returned would not be associated to calendar time anymore.This worries me somewhat, I am not sure if anyone uses this function insuch a way.

Ken

Follow-Ups:
- Re: [reSIProcate] Timer vulnerability
  - From: david Butcher

Prev by Date: [reSIProcate] svn 4223 problem FIXED
Next by Date: [reSIProcate] Changes to resiprocate/dum interfaces
Previous by thread: [reSIProcate] svn 4223 problem FIXED
Next by thread: Re: [reSIProcate] Timer vulnerability
Index(es):
- Date
- Thread