[arch-general] Leap seconds ntp and chrony?

Kevin Chadwick ma1l1ists at yahoo.co.uk
Tue Jul 3 19:21:46 EDT 2012


> On Tue, 3 Jul 2012 17:32:40 +0100
> Kevin Chadwick <ma1l1ists at yahoo.co.uk> wrote:
> 
> > 
> > Watches are perfectly acceptable time keepers especially considering I
> > have a cheap watch stuffed in a drawer that I was surprised hasn't lost
> > seconds in years. RTC: I'm fairly sure many older ones don't even have
> > crystals but are probably still good enough, though I have no
> > accurate quantification yet.
> 
> No one cares about seconds -- we talk about a 10ns resolution. This is cool,
> especially if you consider the time scale on which the current propagates
> inside your motherboard.
> 

ns resolution like rtos is a requirement for certain and few
applications. Who'd have thought such a simple rational mind resting
suggestion not involving a reboot, would cause all this. I've never seen
a system crash even due to a wildly drifting clock, yet many have it
seems using ntp. So can that talk possibly be relevant not that I
wouldn't be interested in what comes to your mind when saying that. Do
you mean voltage?

> > 
> > 
> > > Like everything else ntpd has to be properly secured and configured, if
> > > properly done I suppose it isn't a bigger security problem than anything
> > > else with network access. This problem about the leap second and
> > > programs going awry is due to a bug in the kernel and not a problem with
> > > ntp itself, the only fault that can be attributed to ntp is to expose
> > > that bug.
> > 
> > Attacker controlled or influenced time is actually more serious than
> > you would think for crypto, logging etc., which is why OpenBSD put so
> > much effort into it and don't allow the clock to go backwards. So do the
> > benefits of ntp outweigh the risk? I'm simply saying in most scenarios
> > no.
> 
> While I respect OpenBSD, sometimes I think they create too much buzz around
> their "security". I have never seen a clear case when OpenNTPD was a winner
> security-wise (i.e. not after a default installation).
> 

What does that mean? You know OpenBSD is the only OS to be banned from
a certain security competition, right? Like ninjutsu from MMA, it just
spoilt the game.


> Are you telling me that if my clock is in the future, openntpd is not going
> to adjust it backwards? This certainly happened to me across DST when my clock
> was on localtime. NTPD also does this, see man ntpd.
> 

You would need to defeat the kernel if OpenBSD is booted to securelevel
2. It's ridiculously more bug free than Linux too as this problem
demonstrates.


> As with any networking protocol, any NTPD implementation opens you to yet
> another attack vector -- yes. However, there are also countermeasures, see
> http://www.eecis.udel.edu/~mills/security.html.
> 
> Have you seen the movie Entrapment
> (http://en.wikipedia.org/wiki/Entrapment_(film))? This is roughly how attacks
> over NTP can be carried out...
> 
> > 
> > I'm not saying ntp is at fault, however manually setting the date fixes
> > this problem. So the easiest and in my opinion best solution for
> > most users that wasn't put forward for most users is to disable ntp and
> > set the clock to mr atomic.
> > 
> 
> Again, RTCs are usually crap -- by design. My understanding is that it's not the
> drift which troubles, it's the unpredictability which renders them useless for
> event coordination. So if you want good timing you'll have to use ntpd because
> OpenNTPD is less accurate, has fewer features and is long unsupported on Linux.
> 
> > 

Accuracy wasn't the priority, though it was obviously a goal and Linux
isn't a realtime OS. Define good timing and why the average user needs
it. As I have said ntp has its uses as does GPS time if not taken on
face value (OpenBSD avoids the spoofing problem). I wonder if the
Linux variants do, I hear they are full of features as usual, what about
consideration?


> Useless for event coordination

are you talking a missile strike because my cron runs just fine?

I believe the main reason for ntp in the main is to ensure avoidance of
broken clocks like an old tv system of mine that used to keep good time
has. If you take personal care of your systems it is likely just
unneeded risk.



-- 
________________________________________________________

 Why not do something good every day and install BOINC.
________________________________________________________

