Re: [chrony-dev] Traffic amplification with chrony commands

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


On Mon, Jan 20, 2014 at 09:51:45AM -0800, Bill Unruh wrote:
> On Mon, 20 Jan 2014, Miroslav Lichvar wrote:
> >Most users seem to use chronyc only locally. If they have an update of
> >the distribution package or compile chrony from source code, they will
> >have chronyd and chronyc updated at the same time and should have any
> >problems with it.
> 
> But for those users for which this would not be a problem, they would know the
> password, since they set it up. For users who, for example use a public NTP
> server (do you mean a public chrony ntp server since the commands AFAIK from
> chronyc do not work for a ntpd server anyway) they will quite probably have a
> chronyc that is incompatible with that public chrony server. Ie, precisely the
> ones you are concerned with are the ones that the incompatibility would
> affect.

The users of a public chronyd server can update their chronyc or keep
multiple versions if needed. If all commands suddenly required
password, they would no longer be able to get a useful response from
the server even if their chronyc is compatible, because they don't
know the password.

-- 
Miroslav Lichvar

-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/