Re: [chrony-dev] Traffic amplification with chrony commands



On Mon, 20 Jan 2014, Miroslav Lichvar wrote:

On Fri, Jan 17, 2014 at 03:15:38PM -0600, John Hasler wrote:
Thomas Sprinkmeier writes:
Given that some (many? most?) will likely reuse a valuable password
you'll make chrony a much more attractive target: attackers who might
not care about the amplification attack could target chrony to reveal
passwords.

I don't think that any significant number of the sort of end-users that
behave that way are likely to enable remote access at all.

There is a group of users we might have neglected. Some chronyc users
don't have root access to the system running chronyd and they don't
know the password (e.g. users of a public NTP server).

After giving it more thought, I think it's really better to keep the
monitoring commands open and break the compatibility of the protocol
instead. It wouldn't be for the first time, in 1.27 it was done to
allow non-MD5 authentication.

Most users seem to use chronyc only locally. If they have an update of
the distribution package or compile chrony from source code, they will
have chronyd and chronyc updated at the same time and shouldn't have any
problems with it.

But those users for whom this would not be a problem would know the
password, since they set it up. Users who, for example, use a public NTP
server (do you mean a public chrony NTP server, since AFAIK the commands from
chronyc do not work for an ntpd server anyway) will quite probably have a
chronyc that is incompatible with that public chrony server. I.e., precisely the
ones you are concerned with are the ones that the incompatibility would
affect.

Thoughts?

--
William G. Unruh   |  Canadian Institute for|     Tel: +1(604)822-3273
Physics&Astronomy  |     Advanced Research  |     Fax: +1(604)822-5324
UBC, Vancouver,BC  |   Program in Cosmology |     unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1     |      and Gravity       |  www.theory.physics.ubc.ca/
