Old 07-03-2012, 04:32 PM
Kevin Chadwick
 
Default Leap seconds ntp and chrony?

Watches are perfectly acceptable time keepers especially considering I
have a cheap watch stuffed in a drawer that I was surprised hasn't lost
seconds in years. RTC: I'm fairly sure many older ones don't even have
crystals but are probably still good enough, though I have no
accurate quantification yet.


> Like everything else ntpd has to be properly secured and configured, if
> properly done I suppose it isn't a bigger security problem than anything
> else with network access. This problem about the leap second and
> programs going awry is due to a bug in the kernel and not a problem with
> ntp itself, the only fault that can be attributed to ntp is to expose
> that bug.

Attacker controlled or influenced time is actually more serious than
you would think for crypto, logging etc., which is why OpenBSD put so
much effort into it and don't allow the clock to go backwards. So do the
benefits of ntp outweigh the risk? I'm simply saying in most scenarios
no.

I'm not saying ntp is at fault, however manually setting the date fixes
this problem. So the easiest and in my opinion best solution for
most users that wasn't put forward for most users is to disable ntp and
set the clock to mr atomic.


--
________________________________________________________

Why not do something good every day and install BOINC.
________________________________________________________
 
Old 07-03-2012, 04:48 PM
Ralf Mardorf
 
Default Leap seconds ntp and chrony?

On Tue, 2012-07-03 at 08:40 +0100, P .NIKOLIC wrote:
> Is your system of national importance NO do you have top secret
> military info on your system NO

You're mistaken Pete,

if we would talk about our orders we would have to kill you.

Greetings from my Mossad-PC,
Ralf

# ntpdate ntp.favey.ch
3 Jul 18:48:10 ntpdate[6687]: step time server 195.34.89.227 offset
-1.147282 sec
 
Old 07-03-2012, 05:48 PM
Tom Gundersen
 
Default Leap seconds ntp and chrony?

On Jul 3, 2012 6:33 PM, "Kevin Chadwick" <ma1l1ists@yahoo.co.uk> wrote:
>
>
> Watches are perfectly acceptable time keepers especially considering I
> have a cheap watch stuffed in a drawer that I was surprised hasn't lost
> seconds in years. RTC: I'm fairly sure many older ones don't even have
> crystals but are probably still good enough, though I have no
> accurate quantification yet.
>
>
> > Like everything else ntpd has to be properly secured and configured, if
> > properly done I suppose it isn't a bigger security problem than anything
> > else with network access. This problem about the leap second and
> > programs going awry is due to a bug in the kernel and not a problem with
> > ntp itself, the only fault that can be attributed to ntp is to expose
> > that bug.
>
> Attacker controlled or influenced time is actually more serious than
> you would think for crypto, logging etc., which is why OpenBSD put so
> much effort into it and don't allow the clock to go backwards.

Are you claiming that the security problem of ntp is that it might cause
time to jump backwards?

In that case we are lucky, because that's not how it works. Unless you
specifically tell it to, the time will still be monotone and (almost)
continuous while adjusted by ntp on Linux.

I suggest checking how things work before worrying about imaginary security
threats. Also, read up on the drift rates of RTCs, they are generally
really bad.

Tom
 
Old 07-03-2012, 06:39 PM
Leonid Isaev
 
Default Leap seconds ntp and chrony?

On Tue, 3 Jul 2012 17:32:40 +0100
Kevin Chadwick <ma1l1ists@yahoo.co.uk> wrote:

>
> Watches are perfectly acceptable time keepers especially considering I
> have a cheap watch stuffed in a drawer that I was surprised hasn't lost
> seconds in years. RTC: I'm fairly sure many older ones don't even have
> crystals but are probably still good enough, though I have no
> accurate quantification yet.

No one cares about seconds -- we talk about a 10ns resolution. This is cool,
especially if you consider the time scale on which the current propagates
inside your motherboard.

>
>
> > Like everything else ntpd has to be properly secured and configured, if
> > properly done I suppose it isn't a bigger security problem than anything
> > else with network access. This problem about the leap second and
> > programs going awry is due to a bug in the kernel and not a problem with
> > ntp itself, the only fault that can be attributed to ntp is to expose
> > that bug.
>
> Attacker controlled or influenced time is actually more serious than
> you would think for crypto, logging etc., which is why OpenBSD put so
> much effort into it and don't allow the clock to go backwards. So do the
> benefits of ntp outweigh the risk? I'm simply saying in most scenarios
> no.

While I respect OpenBSD, sometimes I think they create too much buzz around
their "security". I have never seen a clear case when OpenNTPD was a winner
security-wise (i.e. not after a default installation).

Are you telling me that if my clock is in the future, openntpd is not going
to adjust it backwards? This certainly happened to me across DST when my clock
was on localtime. NTPD also does this, see man ntpd.

As with any networking protocol, any NTPD implementation opens you to yet
another attack vector -- yes. However, there are also countermeasures, see
http://www.eecis.udel.edu/~mills/security.html.

Have you seen the movie Entrapment
(http://en.wikipedia.org/wiki/Entrapment_(film))? This is roughly how attacks
over NTP can be carried out...

>
> I'm not saying ntp is at fault, however manually setting the date fixes
> this problem. So the easiest and in my opinion best solution for
> most users that wasn't put forward for most users is to disable ntp and
> set the clock to mr atomic.
>

Again, RTCs are usually crap -- by design. My understanding is that it's not the
drift which troubles, it's the unpredictability which renders them useless for
event coordination. So if you want good timing you'll have to use ntpd because
OpenNTPD is less accurate, has fewer features and is long unsupported on Linux.

>



--
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
 
Old 07-03-2012, 07:14 PM
"P .NIKOLIC"
 
Default Leap seconds ntp and chrony?

On Tue, 03 Jul 2012 18:48:44 +0200
Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:

> On Tue, 2012-07-03 at 08:40 +0100, P .NIKOLIC wrote:
> > Is your system of national importance NO do you have top secret
> > military info on your system NO
>
> You're mistaken Pete,
>
> if we would talk about our orders we would have to kill you.
>
> Greetings from my Mossad-PC,
> Ralf
>
> # ntpdate ntp.favey.ch
> 3 Jul 18:48:10 ntpdate[6687]: step time server 195.34.89.227 offset
> -1.147282 sec
>

I very much doubt that, know what I mean.

Pete click bang


--
Linux 7-of-9 3.4.4-2-ARCH #1 SMP PREEMPT Sun Jun 24 18:59:47 CEST 2012
x86_64 GNU/Linux
 
Old 07-03-2012, 08:15 PM
Ralf Mardorf
 
Default Leap seconds ntp and chrony?

On Tue, 2012-07-03 at 20:14 +0100, P .NIKOLIC wrote:
> On Tue, 03 Jul 2012 18:48:44 +0200
> Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
>
> > On Tue, 2012-07-03 at 08:40 +0100, P .NIKOLIC wrote:
> > > Is your system of national importance NO do you have top secret
> > > military info on your system NO
> >
> > You're mistaken Pete,
> >
> > if we would talk about our orders we would have to kill you.
> >
> > Greetings from my Mossad-PC,
> > Ralf
> >
> > # ntpdate ntp.favey.ch
> > 3 Jul 18:48:10 ntpdate[6687]: step time server 195.34.89.227 offset
> > -1.147282 sec
> >
>
> I very much doubt that, know what I mean.
>
> Pete click bang
>
>

I completely agree with your statement. However we sync time for our
Linux computers, it's not a very important security risk. And yes, I got
the notice to terminate from my side job at the Mossad some seconds
after I sent my last mail to the list.

- Ralf
 
Old 07-03-2012, 08:57 PM
Ralf Mardorf
 
Default Leap seconds ntp and chrony?

On Tue, 2012-07-03 at 22:15 +0200, Ralf Mardorf wrote:
> On Tue, 2012-07-03 at 20:14 +0100, P .NIKOLIC wrote:
> > On Tue, 03 Jul 2012 18:48:44 +0200
> > Ralf Mardorf <ralf.mardorf@alice-dsl.net> wrote:
> >
> > > On Tue, 2012-07-03 at 08:40 +0100, P .NIKOLIC wrote:
> > > > Is your system of national importance NO do you have top secret
> > > > military info on your system NO
> > >
> > > You're mistaken Pete,
> > >
> > > if we would talk about our orders we would have to kill you.
> > >
> > > Greetings from my Mossad-PC,
> > > Ralf
> > >
> > > # ntpdate ntp.favey.ch
> > > 3 Jul 18:48:10 ntpdate[6687]: step time server 195.34.89.227 offset
> > > -1.147282 sec
> > >
> >
> > I very much doubt that, know what I mean.
> >
> > Pete click bang
> >
> >
>
> I completely agree with your statement. However we sync time for our
> Linux computers, it's not a very important security risk. And yes, I got
> the notice to terminate from my side job at the Mossad some seconds
> after I sent my last mail to the list.
>
> - Ralf

Last time somebody on this list mentioned Kim Jong-il as an anonymous
Arch package builder, Kim Jong-il died some days or weeks later.
According to the Wiki he died on 17 December 2011. I'm sure around this
time there was a joke about security too, before this idiot died.
Nostradamus you're subscribed to this list,
http://upload.wikimedia.org/wikipedia/commons/thumb/c/c6/Nostradamus_by_Cesar.jpg/220px-Nostradamus_by_Cesar.jpg
Who are you?
http://upload.wikimedia.org/wikipedia/en/thumb/7/75/Who_Are_You_album_cover.JPG/220px-Who_Are_You_album_cover.JPG
 
Old 07-03-2012, 11:21 PM
Kevin Chadwick
 
Default Leap seconds ntp and chrony?

> On Tue, 3 Jul 2012 17:32:40 +0100
> Kevin Chadwick <ma1l1ists@yahoo.co.uk> wrote:
>
> >
> > Watches are perfectly acceptable time keepers especially considering I
> > have a cheap watch stuffed in a drawer that I was surprised hasn't lost
> > seconds in years. RTC: I'm fairly sure many older ones don't even have
> > crystals but are probably still good enough, though I have no
> > accurate quantification yet.
>
> No one cares about seconds -- we talk about a 10ns resolution. This is cool,
> especially if you consider the time scale on which the current propagates
> inside your motherboard.
>

ns resolution like rtos is a requirement for certain and few
applications. Who'd have thought such a simple rational mind resting
suggestion not involving a reboot, would cause all this. I've never seen
a system crash even due to a wildly drifting clock, yet many have it
seems using ntp. So can that talk possibly be relevant? Not that I
wouldn't be interested in what comes to your mind when saying that. Do
you mean voltage?

> >
> >
> > > Like everything else ntpd has to be properly secured and configured, if
> > > properly done I suppose it isn't a bigger security problem than anything
> > > else with network access. This problem about the leap second and
> > > programs going awry is due to a bug in the kernel and not a problem with
> > > ntp itself, the only fault that can be attributed to ntp is to expose
> > > that bug.
> >
> > Attacker controlled or influenced time is actually more serious than
> > you would think for crypto, logging etc., which is why OpenBSD put so
> > much effort into it and don't allow the clock to go backwards. So do the
> > benefits of ntp outweigh the risk? I'm simply saying in most scenarios
> > no.
>
> While I respect OpenBSD, sometimes I think they create too much buzz around
> their "security". I have never seen a clear case when OpenNTPD was a winner
> security-wise (i.e. not after a default installation).
>

What does that mean? You know OpenBSD is the only OS to be banned from
a certain security competition, right? Like ninjitsu from MMA, it just
spoilt the game.


> Are you telling me that if my clock is in the future, openntpd is not going
> to adjust it backwards? This certainly happened to me across DST when my clock
> was on localtime. NTPD also does this, see man ntpd.
>

You would need to defeat the kernel if OpenBSD is booted to securelevel
2. It's ridiculously more bug free than linux too as this problem
demonstrates.


> As with any networking protocol, any NTPD implementation opens you to yet
> another attack vector -- yes. However, there are also countermeasures, see
> http://www.eecis.udel.edu/~mills/security.html.
>
> Have you seen the movie Entrapment
> (http://en.wikipedia.org/wiki/Entrapment_(film))? This is roughly how attacks
> over NTP can be carried out...
>
> >
> > I'm not saying ntp is at fault, however manually setting the date fixes
> > this problem. So the easiest and in my opinion best solution for
> > most users that wasn't put forward for most users is to disable ntp and
> > set the clock to mr atomic.
> >
>
> Again, RTCs are usually crap -- by design. My understanding is that it's not the
> drift which troubles, it's the unpredictability which renders them useless for
> event coordination. So if you want good timing you'll have to use ntpd because
> OpenNTPD is less accurate, has fewer features and is long unsupported on Linux.
>
> >

Accuracy wasn't the priority, though it was obviously a goal and Linux
isn't a realtime OS. Define good timing and why the average user needs
it. As I have said ntp has its uses as does GPS time if not taken on
face value (OpenBSD avoids the spoofing problem). I wonder if the
Linux variants do, I hear they are full of features as usual, what about
consideration?


> Useless for event coordination

are you talking a missile strike because my cron runs just fine?

I believe the main reason for ntp in the main is to ensure avoidance of
broken clocks like an old tv system of mine that used to keep good time
has. If you take personal care of your systems it is likely just
unneeded risk.



--
________________________________________________________

Why not do something good every day and install BOINC.
________________________________________________________
 
Old 07-03-2012, 11:22 PM
Kevin Chadwick
 
Default Leap seconds ntp and chrony?

> > Attacker controlled or influenced time is actually more serious than
> > you would think for crypto, logging etc., which is why OpenBSD put so
> > much effort into it and don't allow the clock to go backwards.
>
> Are you claiming that the security problem of ntp is that it might cause
> time to jump backwards?
>

I think I've been quite clear, similar to negative coding.

OpenBSD has a security measure called securelevel which if raised from
one to two prevents even root setting the clock backwards or near
overflow as this can have consequences for the entropy pool. They also
put in place measures to reduce client time leakage. The obvious point
I ignored is network exploits as clock adjustment is a root process,
which is why OpenBSD implements privilege separation and chroot.

http://www.openbsd.org/papers/ntpd_sucon04/index.html


> In that case we are lucky, because that's not how it works. Unless you
> specifically tell it to, the time will still be monotone and (almost)
> continuous while adjusted by ntp on Linux.
>
> I suggest checking how things work before worrying about imaginary security
> threats. Also, read up on the drift rates of RTCs, they are generally
> really bad.

Explain why that matters for the usual case which is logging. I have
servers, some offline, from which I can cross reference the logs. Do
you... can you... would you check your logs to the nanosecond, and who
said I worried? Requirements, benefits and threats.

Quas dederis solas semper habebis opes.

--
________________________________________________________

Why not do something good every day and install BOINC.
________________________________________________________
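The backwards-clock concern discussed above, as an added example that is not part of the original post, of the Arch list, or of the ntp project: a small Python checker that parses ntpdate lines in the format Ralf's post shows ("step time server <ip> offset <seconds> sec"), flags steps that moved the clock into the past, and reports the out-of-order timestamps such a step leaves behind in a log that records wall-clock time. Apart from Ralf's own line, the sample log lines are constructed, and 192.0.2.10 is a documentation-range address, not a real server.

```python
"""Flag clock steps in ntpdate log lines and out-of-order log timestamps.

Added example for this thread; it is not code from the list posters or from
the ntp project. It assumes the ntpdate message format shown in the thread
("step time server <ip> offset <seconds> sec"); ntpdate reports small
corrections as "adjust" (slew) and large ones as "step".
"""
import re
from typing import Iterable, List, Optional

# One log line from the thread, plus constructed ones (192.0.2.10 is a
# documentation-range address, not a real server).
SAMPLE_LOG = [
    "3 Jul 18:48:10 ntpdate[6687]: step time server 195.34.89.227 offset -1.147282 sec",
    "3 Jul 19:02:33 ntpdate[6701]: adjust time server 192.0.2.10 offset 0.003210 sec",
    "3 Jul 19:30:00 ntpdate[6720]: step time server 192.0.2.10 offset 42.500000 sec",
    "3 Jul 20:15:45 ntpdate[6733]: step time server 192.0.2.10 offset -3600.000000 sec",
]

EVENT_RE = re.compile(
    r"ntpdate\[(?P<pid>\d+)\]: (?P<kind>step|adjust) time server (?P<server>\S+) "
    r"offset (?P<offset>-?\d+(?:\.\d+)?) sec"
)


def parse_event(line: str) -> Optional[dict]:
    """Return pid, kind, server and signed offset of an ntpdate line, or None."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    return {
        "pid": int(m.group("pid")),
        "kind": m.group("kind"),
        "server": m.group("server"),
        "offset": float(m.group("offset")),
    }


def backward_steps(lines: Iterable[str], min_seconds: float = 0.5) -> List[dict]:
    """Events where the clock was stepped backwards by at least min_seconds.

    A negative offset means the local clock was ahead of the server, so the
    step moved it into the past; those are the corrections that reorder
    timestamps in logs and that OpenBSD's securelevel 2 refuses to apply.
    """
    found = []
    for line in lines:
        ev = parse_event(line)
        if ev and ev["kind"] == "step" and ev["offset"] <= -min_seconds:
            found.append(ev)
    return found


def order_violations(timestamps: List[float]) -> List[int]:
    """Indices of log records whose timestamp is earlier than the preceding one.

    This is the symptom a backwards step leaves in logs that record wall-clock
    time; a monotonic clock (CLOCK_MONOTONIC) never shows it.
    """
    return [i for i in range(1, len(timestamps)) if timestamps[i] < timestamps[i - 1]]


if __name__ == "__main__":
    for ev in backward_steps(SAMPLE_LOG):
        print(f"pid {ev['pid']}: clock stepped {ev['offset']:.3f} s backwards via {ev['server']}")
    # Constructed wall-clock timestamps (seconds) around a backwards step.
    print("out-of-order records at", order_violations([100.0, 101.5, 101.2, 103.0]))
```

Running the block over the sample lines reports Ralf's 1.1 second backwards step and the constructed one-hour step, while the small "adjust" slew and the forward step are left alone; raising `min_seconds` keeps only the larger step. Feeding wall-clock timestamps from a log to `order_violations` shows where a backwards step landed, which is the check Kevin's point about cross-referencing logs relies on.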
 
Old 07-03-2012, 11:36 PM
Kevin Chadwick
 
Default Leap seconds ntp and chrony?

> I believe the main reason for ntp in the main is to ensure avoidance of
> broken clocks like an old tv system of mine that used to keep good time
> has. If you take personal care of your systems it is likely just
> unneeded risk.

Maybe I should add that if I was Google I would certainly use ntp every
time as they have like 1000 servers per engineer.

--
________________________________________________________

Why not do something good every day and install BOINC.
________________________________________________________
 