On 06/27/2018 23:08, Thomas Steen Rasmussen wrote:
> Anything that speaks to untrusted network clients belongs in a jail, but
> to my knowledge both ntpds are unjailable because they want to use some
> kernel system calls (to adjust time) which are not allowed in jails (as
> it should be).
>
> In my opinion adjusting the local bios/cmos clock and keeping it in sync
> with some upstream NTP source is a different task than serving NTP to
> untrusted network clients (like an ISP is expected to do).
>
> I'd love for one or both ntpds to have an option to only serve local
> time, without attempting to adjust the clock, if such a feature is
> possible.
>
> I'd then keep an ntpd running in the base system which takes care of
> keeping the system clock in sync, and another in a jail which only reads
> the time and serves it to network clients, but doesn't try to adjust or
> speak to upstream NTPs.
You can do this by configuring the jailed ntpd with the local clock
driver as a reference. Doing this for an ntpd serving the general
public would be evil. NTP Pool Project membership prohibits using the
local clock driver.

If your priority is something with a better security profile than an ISC
daemon, run OpenNTPD instead.

For the ISC ntpd, configure a reference clock with a server line that
has a magic number 127.127.0.0/16 address. The "Reference Clock
Support" section of ntp.conf(5) has more details. The local clock is
type 1.

OpenNTPD does not have reference clock support.
_______________________________________________
freebsd-security mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
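
An added example, not part of the original post: a small Python check that finds reference-clock lines (the 127.127.0.0/16 pseudo-addresses described in the reply) in an ntp.conf and flags the local clock driver, for instance when auditing a server against the NTP Pool rule mentioned above. It goes slightly beyond the post by decoding any driver, assuming the ntpd convention that the third octet is the driver type and the fourth the unit number; both config samples and all function names are constructed for illustration.

```python
import ipaddress

REFCLOCK_NET = ipaddress.ip_network("127.127.0.0/16")
LOCAL_CLOCK_TYPE = 1  # per the reply: the local clock is driver type 1

# Constructed sample: ntp.conf for a jailed ntpd that only serves local time.
SAMPLE_JAILED_CONF = """\
# serve the host's time only; no upstream servers
server 127.127.1.0            # local clock driver, unit 0
fudge  127.127.1.0 stratum 10
restrict default nomodify notrap nopeer noquery
"""

# Constructed sample: an ntpd that synchronises to upstream servers.
SAMPLE_UPSTREAM_CONF = """\
server ntp1.example.net iburst
server -4 192.0.2.10 iburst
"""

def find_refclocks(conf_text):
    """Return [(lineno, driver_type, unit)] for server/peer lines in 127.127.0.0/16."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) < 2 or fields[0] not in ("server", "peer"):
            continue
        # Skip leading option flags such as -4 / -6 to reach the address.
        target = next((f for f in fields[1:] if not f.startswith("-")), None)
        try:
            addr = ipaddress.ip_address(target or "")
        except ValueError:
            continue                                # hostname, not a literal address
        if addr.version == 4 and addr in REFCLOCK_NET:
            _, _, driver_type, unit = addr.packed   # 127.127.<type>.<unit>
            found.append((lineno, driver_type, unit))
    return found

def uses_local_clock(conf_text):
    """True if any reference clock line selects the local clock driver."""
    return any(t == LOCAL_CLOCK_TYPE for _, t, _ in find_refclocks(conf_text))

if __name__ == "__main__":
    for name, conf in (("jailed", SAMPLE_JAILED_CONF), ("upstream", SAMPLE_UPSTREAM_CONF)):
        print(name, find_refclocks(conf), "local clock:", uses_local_clock(conf))
```
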