*** This bug is a security vulnerability *** Public security bug reported:
UTC ticks SI seconds in step with TAI (International Atomic Time), but in order to keep in sync with UT1 which is defined by the earth's rotation, UTC is occasionally adjusted. In other words, in order to keep UTC 00:00:00 within a second of midnight, leap seconds are added. See: https://en.wikipedia.org/wiki/Leap_second So I tested it. I booted a live copy of Natty and went for a historic leap second: date --rfc-3339=seconds -s '2008-12-31 23:59:54+00:00'; hwclock -w while true; do date --rfc-3339=ns; sleep 0.25; done >> /mnt/time.log time.log: 2008-12-31 23:59:57.753497430+00:00 2008-12-31 23:59:58.006601830+00:00 2008-12-31 23:59:58.259626718+00:00 2008-12-31 23:59:58.512632697+00:00 2008-12-31 23:59:58.765677765+00:00 2008-12-31 23:59:59.018668172+00:00 2008-12-31 23:59:59.271679983+00:00 2008-12-31 23:59:59.524653233+00:00 2008-12-31 23:59:59.777697760+00:00 2009-01-01 00:00:00.030698916+00:00 <-- Where is the leap second? 2009-01-01 00:00:00.283682058+00:00 2009-01-01 00:00:00.536682453+00:00 2009-01-01 00:00:00.789704596+00:00 2009-01-01 00:00:01.042716625+00:00 2009-01-01 00:00:01.295720967+00:00 2009-01-01 00:00:01.548714966+00:00 2009-01-01 00:00:01.801750574+00:00 2009-01-01 00:00:02.054801900+00:00 2009-01-01 00:00:02.307836286+00:00 2009-01-01 00:00:02.560842969+00:00 2009-01-01 00:00:02.813878513+00:00 2009-01-01 00:00:03.066923251+00:00 2009-01-01 00:00:03.319920865+00:00 So either there should be a 23:59:60 leap second, or the system timezone should not be called UTC, but the more ambiguous term 'Universal Time'. I also tried 1998 and 2005. A leap second has been announced for this June 30. I think that issues with time can potentially cause or trigger serious bugs elsewhere. So I'm marking this as a security vulnerability just-in- case. ** Affects: ubuntu Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/970966 Title: UTC is incorrectly implemented; it does not handle leap seconds To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/970966/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
