[arch-general] Leap seconds ntp and chrony?

Tom Gundersen teg at jklm.no
Tue Jul 3 13:48:16 EDT 2012


On Jul 3, 2012 6:33 PM, "Kevin Chadwick" <ma1l1ists at yahoo.co.uk> wrote:
>
>
> Watches are perfectly acceptable time keepers especially considering I
> have a cheap watch stuffed in a drawer that I was surprised hasn't lost
> seconds in years. RTC: I'm fairly sure many older ones don't even have
> crystals but are probably still good enough, though I have no
> accurate quantification yet.
>
>
> > Like everything else ntpd has to be properly secured and configured, if
> > properly done I suppose it isn't a bigger security problem than anything
> > else with network access. This problem about the leap second and
> > programs going awry is due to a bug in the kernel and not a problem with
> > ntp itself, the only fault that can be attributed to ntp is to expose
> > that bug.
>
> Attacker controlled or influenced time is actually more serious than
> you would think for crypto, logging etc., which is why OpenBSD put so
> much effort into it and don't allow the clock to go backwards.

Are you claiming that the security problem of ntp is that it might cause
time to jump backwards?

In that case we are lucky, because that's not how it works. Unless you
specifically tell it to, the time will still be monotone and (almost)
continuous while adjusted by ntp on Linux.

I suggest checking how things work before worrying about imaginary security
threats. Also, read up on the drift rates of RTCs, they are generally
really bad.

Tom


More information about the arch-general mailing list