Date: Thu, 28 Jun 2018 08:08:12 +0200
From: Thomas Steen Rasmussen <thomas@gibfest.dk>
To: Roger Marquis <marquis@roble.com>, freebsd-security@freebsd.org, freebsd-jail@freebsd.org
Subject: Re: Jailing {open,}ntpd
Message-ID: <25837879-e464-0ed1-75f3-f4c43f47653c@gibfest.dk>
In-Reply-To: <nycvar.OFS.7.76.444.1806261238560.57821@mx.roble.com>
References: <nycvar.OFS.7.76.444.1806261238560.57821@mx.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 06/26/2018 09:53 PM, Roger Marquis wrote:
> Has anyone configured {open,}ntpd to run in a FreeBSD jail or Linux
> container? Can it be done in such a way that a breached daemon would
> not have access to the host?
>
> Roger Marquis
Hello,
TL;DR: +1
I've been wondering about the same thing.
Anything that speaks to untrusted network clients belongs in a jail, but
to my knowledge both ntpds are unjailable because they want to use some
kernel system calls (to adjust time) which are not allowed in jails (as
it should be).
In my opinion adjusting the local bios/cmos clock and keeping it in sync
with some upstream NTP source is a different task than serving NTP to
untrusted network clients (like an ISP is expected to do).
I'd love for one or both ntpds to have an option to only serve local
time, without attempting to adjust the clock, if such a feature is possible.
I'd then keep an ntpd running in the base system which takes care of
keeping the system clock in-sync, and another in a jail which only reads
the time and serves it to network clients, but doesn't try to adjust or
speak to upsteam NTPs.
I will be watching this thread hoping that someone who knows about NTP
will chime in. Thanks!
Best regards,
Thomas Steen Rasmussen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?25837879-e464-0ed1-75f3-f4c43f47653c>