| Re: [chrony-users] Resume from suspend and default makestep configuration |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Resume from suspend and default makestep configuration
- From: Pali Rohár <pali.rohar@xxxxxxxxx>
- Date: Mon, 18 May 2020 12:37:05 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=1lLKMRs20RweBrDEU1PBnJsRMjIHoeFESHoL5/PLhCA=; b=HZqppstgdhRYFlHBmOgXDP7HA0/EWUh5USfK3O9iGsm5M0pNOZJn0zm30c0ahxca9Z 1tqctiwCPdyHwXcd/4xjb1PyzMyZ9CsgkrEu7v3DO3LMIzVjaz1SD8w98Z5sevWCRi9L UVsLXWSexo9i3u7LsQ7spaaafCCo73k3SzWYfo4NypyrqpZhg8QuqPDt9fCNyHSTfcM2 CLw72bVeWOd4fjqYV71zUqCYWO+06DFdivr5sK0Wkt7KKm203qcnJoYyWg44pWvbzSds 3ULi/fiD/xsjXsVD5WJYtlHjiX1e4DsTzwFuuU3kY0zQw/Z7WfwAK/YSEJRiDqEN31RF X0kg==
On Monday 11 May 2020 10:52:49 Miroslav Lichvar wrote:
> On Sat, May 09, 2020 at 01:30:29AM +0200, Pali Rohár wrote:
> > I would suggest to either change default configuration to 'makestep 1 -1'
> > or assuming that after resuming from suspend / hibernate, chrony should
> > behave like it was restarted. And therefore suck forward jump detection
> > done by clock update would be treated as in first clock update --
> > slewing would not be used and instead clock would jump.
> >
> > What do you think about it? It is possible to change it? So default
> > chrony configuration would be suitable also for desktop / laptop users?
>
> By default, chronyd doesn't make any steps, except for a leap second
> if not supported by the system. Most distributions have a default
> config that allows a small number of steps, possibly based on one of
> the provided examples. I'd not recommend changing that to unlimited
> number of steps as the vast majority of computers don't need that.
> It should be enabled only in specific cases when really needed and the
> implications are understood.
>
> One issue with allowing steps at any time is that it may break
> applications that don't handle backward steps. Another issue is that
> it allows a MITM attacker to inject arbitrary offsets to the clock at
> any time. With a limited makestep that window is limited to a short
> time after the boot, or package upgrade. When I take my laptop to an
> untrusted network, I don't want people there to be able to step my
> clock 50 years ahead to break TLS certificates for example. Ideally,
> when not using authentication, no steps should ever be allowed. For a
> default configuration that would probably be unreasonable.
Hello Miroslav! I understand your security concern and I agree that
during time when system is running, that unlimited number of steps is
not needed.
The main problem is when system is put into suspend or hibernate state.
In my opinion resuming from suspend / hibernate state should be handled
in the same way as (re)starting chronyd. You do not know what may
happened during sleep.
And as I pointed there are existing problems that UEFI/BIOS firmware
changes RTC clock without good reason which results in completely wrong
system clock.
--
Pali Rohár
pali.rohar@xxxxxxxxx
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.