[arch-general] Leap seconds ntp and chrony?
Kevin Chadwick
ma1l1ists at yahoo.co.uk
Tue Jul 3 12:32:40 EDT 2012
Watches are perfectly acceptable time keepers especially considering I
have a cheap watch stuffed in a drawer that I was surprised hasn't lost
seconds in years. RTC: I'm fairly sure many older ones don't even have
crystals but are probably still good enough, though I have no
accurate quantification yet.
> Like everything else ntpd has to be properly secured and configured, if
> properly done I suppose it isn't a bigger security problem than anything
> else with network access. This problem about the leap second and
> programs going awry is due to a bug in the kernel and not a problem with
> ntp itself, the only fault that can be attributed to ntp is to expose
> that bug.
Attacker controlled or influenced time is actually more serious than
you would think for crypto, logging etc., which is why OpenBSD put so
much effort into it and don't allow the clock to go backwards. So do the
benefits of ntp outweigh the risk. I'm simply saying in most scenarios
no.
I'm not saying ntp is at fault, however manually setting the date fixes
this problem. So the easiest and in my opinion best solution for
most users that wasn't put forward for most users is to disable ntp and
set the clock to mr atomic.
--
________________________________________________________
Why not do something good every day and install BOINC.
________________________________________________________
More information about the arch-general
mailing list