Spoofing time and space with DTrace
By relling on Feb 06, 2005
Now that more people are convinced that they can't trust the hostids anymore, I now feel compelled to add that you can't trust time or space either. It is just as easy to spoof time on a per-pid basis as the hostid. Some counter that they could stat a file and see what time it is based on the latest mtime, but that too is fairly trivial to spoof. Still others insist that they could do an NTP lookup to a well known time server -- also spoofable. None of these methods can successfully be used to guarantee anything. Software vendors must trust their customers.