FS#28703 - [ntp] fix configuration file

Attached to Project: Arch Linux
Opened by orbisvicis (orbisvicis) - Tuesday, 28 February 2012, 17:07 GMT
Last edited by Gaetan Bisson (vesath) - Thursday, 01 March 2012, 12:19 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Gaetan Bisson (vesath)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The ntp.conf file shipped by Arch Linux does not do what it claims. I've attached an updated version. Changes:

Switch from "server" to "pool" directive. The "pool" directive is more appropriate, and is supported in the version of ntp shipped by Arch.

Access control now actually does "# Only allow read-only access from localhost"
(The previous settings allowed read-only access from anywhere, and unlimited access from localhost.)

Additional info:
* package version(s)
local/ntp 4.2.6.p5-3
   ntp.conf (0.7 KiB)

Closed by  Gaetan Bisson (vesath)
Thursday, 01 March 2012, 12:19 GMT
Reason for closing:  Fixed
Additional comments about closing:  ntp-4.2.6.p5-5 in [extra]
Comment by Gaetan Bisson (vesath) - Tuesday, 28 February 2012, 21:59 GMT
Thanks. I've fixed this in SVN (except I didn't use iburst) and will release a new package when I fix your other bug.
Comment by Dan McGee (toofishes) - Wednesday, 29 February 2012, 14:19 GMT
You just broke the default config; there was a good reason nomodify was not there...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=385334

You *cannot* use nomodify on localhost IPv4 or IPv6 restrict lines.
Comment by orbisvicis (orbisvicis) - Wednesday, 29 February 2012, 15:52 GMT
Yes, the configuration I suggested is entirely broken:
'restrict default ignore': blocks incoming time packets (glad you caught this)
'restrict 127.0.0.1 nomodify', 'restrict ::1 nomodify': resolver process can't update ntpd with the new address *
* note that this is fixed in the latest dev release (4.2.7.p261)

Furthermore, 'nomodify' blocks remote configuration commands, which do not work without being properly authenticated. The process of configuring and providing proper credentials is complicated, making it unlikely for users to accidentally modify server configuration; therefore localhost 'nomodify' restrictions are pretty much useless.

Also the 'pool' directive can't be properly secured; the 'restrict source' option was introduced in 4.2.7.p22

Altogether I believe that all changes to ntp.conf should be reverted *until* 4.2.8 (stable version of 4.2.7) is released.

At which point the following configuration should be used:

pool pool.ntp.org iburst
restrict default ignore
restrict source limited kod nomodify noquery nopeer notrap
restrict 127.0.0.1
restrict ::1
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
* 'nopeer' blocks pool server discovery; I filed a report and if it is not a bug 'nopeer' should be removed.
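The version-dependent pitfalls described in the comment above can be checked mechanically. The following is an added example, not part of the bug report, the attached ntp.conf or the ntp package: a small Python lint over an ntp.conf that flags the four problems the thread names ('restrict default ignore' with no usable 'restrict source', a 'pool' directive on a version without 'restrict source', 'nomodify' on the localhost lines before the resolver fix, and 'nopeer' combined with 'pool'). Assumptions: the version thresholds (4.2.7.p22 for 'restrict source', 4.2.7.p261 for the localhost nomodify fix) are taken from the comment and not verified against ntp's changelog; explicit per-server 'restrict' lines are not modelled; the first embedded config is the one proposed in the comment, the second is constructed to illustrate the localhost nomodify objection and is not the attached file.

```python
import re

# Version thresholds as stated in the bug thread (assumption: taken from the
# comment, not from ntp's own changelog).
RESTRICT_SOURCE_SINCE = (4, 2, 7, 22)        # 'restrict source' introduced
LOCALHOST_NOMODIFY_OK_SINCE = (4, 2, 7, 261)  # resolver no longer needs modify access
LOCALHOST = {"127.0.0.1", "::1"}

# Config proposed in the comment above (copied from the thread).
PROPOSED_CONF = """\
pool pool.ntp.org iburst
restrict default ignore
restrict source limited kod nomodify noquery nopeer notrap
restrict 127.0.0.1
restrict ::1
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
"""

# Constructed example of the change Dan McGee objected to: nomodify on the
# localhost lines. Not the attached file, just an illustration.
LOCALHOST_NOMODIFY_CONF = """\
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1 nomodify
restrict ::1 nomodify
driftfile /var/lib/ntp/ntp.drift
"""


def parse_version(text):
    """Turn '4.2.6p5', '4.2.6.p5-3' or '4.2.8' into a comparable tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:\.?p(\d+))?", text)
    if not m:
        raise ValueError("unrecognised ntp version: %r" % text)
    return tuple(int(x or 0) for x in m.groups())


def parse_conf(text):
    """Yield (directive, args) for every non-comment, non-blank line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            yield parts[0], parts[1:]


def restrict_target(args):
    """Split a 'restrict' argument list into (target, flags).

    Drops the -4/-6 address-family switches and a 'mask X' pair so that
    'restrict -6 ::1 nomodify' and 'restrict default mask 0.0.0.0 ignore'
    are handled the same way as the plain forms.
    """
    args = [a for a in args if a not in ("-4", "-6")]
    if not args:
        return None, set()
    target, rest = args[0], args[1:]
    if rest[:1] == ["mask"]:
        rest = rest[2:]
    return target, set(rest)


def lint(conf_text, version):
    """Return a list of (code, message) findings for conf_text on the given ntpd version."""
    v = parse_version(version)
    has_pool = False
    default_flags = set()
    source_flags = None
    localhost_flags = {}

    for directive, args in parse_conf(conf_text):
        if directive == "pool":
            has_pool = True
        elif directive == "restrict":
            target, flags = restrict_target(args)
            if target == "default":
                default_flags |= flags
            elif target == "source":
                source_flags = flags
            elif target in LOCALHOST:
                localhost_flags[target] = flags

    findings = []
    # 'restrict source' only takes effect on versions that know the keyword;
    # before that, 'default ignore' drops the servers' replies as well.
    source_usable = source_flags is not None and v >= RESTRICT_SOURCE_SINCE
    if "ignore" in default_flags and not source_usable:
        findings.append(("DEFAULT_IGNORE",
                         "'restrict default ignore' with no usable 'restrict source' drops incoming time packets"))
    if has_pool and v < RESTRICT_SOURCE_SINCE:
        findings.append(("POOL_UNRESTRICTED",
                         "'pool' servers cannot be restricted before 4.2.7p22 ('restrict source')"))
    for host, flags in localhost_flags.items():
        if "nomodify" in flags and v < LOCALHOST_NOMODIFY_OK_SINCE:
            findings.append(("LOCALHOST_NOMODIFY",
                             "'restrict %s nomodify' stops the resolver process updating ntpd (see Debian #385334)" % host))
    if has_pool and source_flags is not None and "nopeer" in source_flags:
        findings.append(("NOPEER_WITH_POOL",
                         "'nopeer' on 'restrict source' may block pool server discovery"))
    return findings


if __name__ == "__main__":
    for label, conf in (("proposed", PROPOSED_CONF), ("localhost nomodify", LOCALHOST_NOMODIFY_CONF)):
        for ver in ("4.2.6p5", "4.2.8"):
            print("%s @ %s:" % (label, ver))
            for code, msg in lint(conf, ver) or [("OK", "no findings")]:
                print("  %s: %s" % (code, msg))
```

Run against the proposed config, the lint reports the three problems the comment lists on 4.2.6p5 and only the 'nopeer' question on 4.2.8; the constructed localhost nomodify config trips the resolver check on 4.2.6p5 and passes on 4.2.7p261.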
Comment by Gaetan Bisson (vesath) - Wednesday, 29 February 2012, 21:30 GMT
Thanks for the explanations. I've pushed ntp-4.2.6.p5-5 to [extra]; let me know if you have any issue with it.
