Re: [chrony-dev] Traffic amplification with chrony commands


On Fri, Jan 17, 2014 at 03:15:38PM -0600, John Hasler wrote:
> Thomas Sprinkmeier writes:
> > Given that some (many? most?) will likely reuse a valuable password
> > you'll make chrony a much more attractive target: attackers who might
> > not care about the amplification attack could target chrony to reveal
> > passwords.
> 
> I don't think that any significant number of the sort of end-users that
> behave that way are likely to enable remote access at all.

There is a group of users we might have neglected. Some chronyc users
don't have root access to the system running chronyd and they don't
know the password (e.g. users of a public NTP server).

After giving it more thought, I think it's really better to keep the
monitoring commands open and break the compatibility of the protocol
instead. It wouldn't be the first time; in 1.27 it was done to
allow non-MD5 authentication.

Most users seem to use chronyc only locally. If they have an update of
the distribution package or compile chrony from source code, they will
have chronyd and chronyc updated at the same time and should have any
problems with it.

Thoughts?

-- 
Miroslav Lichvar
