Re: [chrony-users] Resume from suspend and default makestep configuration



On Sat, May 09, 2020 at 01:30:29AM +0200, Pali Rohár wrote:
> I would suggest to either change default configuration to 'makestep 1 -1'
> or assuming that after resuming from suspend / hibernate, chrony should
> behave like it was restarted. And therefore such forward jump detection
> done by clock update would be treated as in first clock update --
> slewing would not be used and instead clock would jump.
> 
> What do you think about it? Is it possible to change it? So default
> chrony configuration would be suitable also for desktop / laptop users?

By default, chronyd doesn't make any steps, except for a leap second
if not supported by the system. Most distributions have a default
config that allows a small number of steps, possibly based on one of
the provided examples. I'd not recommend changing that to unlimited
number of steps as the vast majority of computers don't need that.
It should be enabled only in specific cases when really needed and the
implications are understood.

One issue with allowing steps at any time is that it may break
applications that don't handle backward steps. Another issue is that
it allows a MITM attacker to inject arbitrary offsets to the clock at
any time. With a limited makestep that window is limited to a short
time after the boot, or package upgrade. When I take my laptop to an
untrusted network, I don't want people there to be able to step my
clock 50 years ahead to break TLS certificates for example. Ideally,
when not using authentication, no steps should ever be allowed. For a
default configuration that would probably be unreasonable.

-- 
Miroslav Lichvar
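
The trade-off discussed in this message can be checked mechanically. The following is an added example, not part of the original post and not chrony project code: it reads chrony.conf text and flags the combination of an unlimited `makestep` window with time sources that have neither the `key` nor the `nts` option. The function name, the result fields and the sample host names are assumptions made for illustration.

```python
# Added example: audit chrony.conf text for an unlimited makestep window
# combined with unauthenticated time sources. Not chrony project code.

SOURCE_DIRECTIVES = {"server", "pool", "peer"}
COMMENT_CHARS = "!;#%"  # chrony.conf comment prefixes


def audit(conf_text):
    """Classify the step window and list sources without 'key' or 'nts'."""
    window, unauthenticated = "none", []  # no makestep line: chronyd's default is no steps
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0][0] in COMMENT_CHARS:
            continue
        directive = tokens[0].lower()
        if directive == "makestep" and len(tokens) >= 3:
            limit = int(tokens[2])
            # Negative limit: a step is allowed at any clock update.
            # Assumption: a limit of 0 is treated here as "no steps".
            window = "unlimited" if limit < 0 else "limited" if limit > 0 else "none"
        elif directive in SOURCE_DIRECTIVES and len(tokens) >= 2:
            options = [t.lower() for t in tokens[2:]]
            if "key" not in options and "nts" not in options:
                unauthenticated.append(tokens[1])
    return {
        "step_window": window,
        "unauthenticated_sources": unauthenticated,
        # The case warned about above: anyone on the path can step the clock
        # at any time, not only shortly after chronyd starts.
        "risky": window == "unlimited" and bool(unauthenticated),
    }


# Constructed sample configurations (host names are placeholders).
SAMPLES = {
    "limited": "pool pool.example.org iburst\nmakestep 1.0 3\n",
    "unlimited": "# laptop profile\nserver ntp.example.org iburst\nmakestep 1 -1\n",
    "unlimited_nts": "server ntp.example.org iburst nts\nmakestep 1 -1\n",
    "default": "server ntp.example.org iburst\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```
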

