Public bug reported:

I installed questing snapshot-2, with the Network Time Security change.

Checking "chronyc -n sources" afterwards shows the Canonical
authenticated NTP servers as expected, but also includes a server on my
local network. Some checking around showed that this is caused by (a)
the DHCP server on the local net advertises this NTP server (DHCP option
42); (b) NetworkManager's DHCP client picks this up and invokes
/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp (a part of chrony);
(c) 20-chrony-dhcp sticks the advertised server into the chrony config
and reloads sources.

It seems that this defeats the goal of using only trusted servers by
default.

A simple fix would be to comment out the "sourcedir /run/chrony-dhcp" in
/etc/chrony/chrony.conf.

ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: chrony 4.6.1-1ubuntu2
ProcVersionSignature: Ubuntu 6.15.0-3.3-generic 6.15.0
Uname: Linux 6.15.0-3-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.33.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: pass
Date: Sat Jun 28 09:52:53 2025
InstallationDate: Installed on 2025-06-28 (1 days ago)
InstallationMedia: Ubuntu 25.10 "Questing Quokka" - Daily amd64 (20250623)
SourcePackage: chrony
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: chrony (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug questing
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115565
Title:
Secure config still picks up DHCP-advertised server
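
To check a host for the behaviour reported above, this added example (not part of the bug report and not chrony's own code) lists every active server/pool/peer line that lacks the "nts" option, in the main config and in each "sourcedir" it enables. The function names, the host ntp.example.net and the address 192.0.2.10 are constructed; it assumes sourcedir entries live in files with the ".sources" suffix.

```shell
#!/bin/sh
# Added example: audit a chrony config for sources that are not NTS-authenticated.
# Real-world use: unauth_sources /etc/chrony/chrony.conf

# Print the directories named by active (not commented-out) sourcedir directives.
active_sourcedirs() {
    awk '$1 == "sourcedir" { print $2 }' "$1"
}

# Print "file: line" for each server/pool/peer line without the nts option.
sources_without_nts() {
    awk '$1 == "server" || $1 == "pool" || $1 == "peer" {
             nts = 0
             for (i = 3; i <= NF; i++) if ($i == "nts") nts = 1
             if (!nts) print FILENAME ": " $0
         }' "$1"
}

# Check the main config, then every *.sources file in each enabled sourcedir.
unauth_sources() {
    conf=$1
    sources_without_nts "$conf"
    active_sourcedirs "$conf" | while read -r dir; do
        for f in "$dir"/*.sources; do
            if [ -f "$f" ]; then sources_without_nts "$f"; fi
        done
    done
    return 0
}

# Constructed sample: an NTS pool in the main config plus a DHCP-injected
# server in a sourcedir, as described in the report.
demo() {
    d=$(mktemp -d)
    mkdir "$d/chrony-dhcp"
    printf '%s\n' 'pool ntp.example.net iburst nts' \
        "sourcedir $d/chrony-dhcp" > "$d/chrony.conf"
    echo 'server 192.0.2.10 iburst' > "$d/chrony-dhcp/eth0.sources"
    unauth_sources "$d/chrony.conf"
    rm -rf "$d"
}
```

Empty output means every configured source carries "nts"; any line printed names the file that introduced an unauthenticated source.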