From owner-freebsd-security@freebsd.org Sat Apr 30 00:44:29 2016
Date: Fri, 29 Apr 2016 17:44:28 -0700 (PDT)
From: Roger Marquis
To: Charles Swiger
cc: freebsd-security
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp
In-Reply-To: <28698FCA-CEAB-4A0F-9F12-57FCCD871E1E@mac.com>
References: <20160429082953.DB31D1769@freefall.freebsd.org> <9e6342a420259fec7bd21d6222cc6e05@zahemszky.hu> <1461929003.67736.2.camel@yandex.com> <0O6F002Z65WLUS40@mr28p00im-smtpin028.me.com> <28698FCA-CEAB-4A0F-9F12-57FCCD871E1E@mac.com>

>> Who needs millisecond accuracy anyway?
>
> Cell phones, cell phone towers, computers handling financial transactions, etc.

I manage security for several dozen FreeBSD computers handling financial transactions and they all run openntpd in client-only mode. It was the only way we could avoid an absolute deluge of security incident tickets from corp scanning (mainly Nessus).

These hosts, as well as cell phone towers, etc., may be reasons for keeping isc ntpd as a port but do not support a case for keeping it in base.

>> perhaps, for those sites that need to run ntpd for one of the reasons
>> listed above but again, that's a tiny fraction of the installed base. Most
>> FreeBSD systems only need to query a timehost, not to be a time server.
>
> Your data for that?

Are you seriously proposing that most FreeBSD installations need to serve as timeservers?

> openntpd implements SNTPv4 and not the NTPv4 protocol. The extra sanity checking
> in the latter helps detect and mitigate against falsetickers, which is why folks
> continue to use NTP and ntpd rather than rdate or SNTP implementations like openntpd.

And your data for that? I'd personally be surprised if most devops were familiar with the differences between SNTPv4 and NTPv4. OTOH openntpd's ntpd.conf does provide a "constraints from" directive which will query one or more http/https sites and use the resulting timestamps to reject ntp responses outside of a range near the constraint. This is a nice OOB feature not found in base ntpd.

Roger
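The constraint check Roger describes, re-implemented in Python as an added illustration (this is not OpenNTPD's code and was not part of the thread): the Date header of a TLS-authenticated site's response becomes an out-of-band reference, and NTP samples that fall outside a window around it are rejected as falsetickers. The 60-second margin, the response head and the peer samples are assumptions constructed for the example.

```python
from email.utils import parsedate_to_datetime

# Window around the constraint time (seconds). An example value chosen for
# this illustration, not OpenNTPD's own constant.
CONSTRAINT_MARGIN = 60


def parse_http_date(header_value: str) -> float:
    """Unix time encoded in an RFC 5322 / HTTP 'Date:' header value."""
    return parsedate_to_datetime(header_value).timestamp()


def constraint_from_response(raw_head: bytes) -> float:
    """Pull the constraint timestamp out of the head of an HTTPS response.

    The Date header is only trustworthy because TLS authenticated the site;
    over plain http it is as spoofable as an unauthenticated NTP packet.
    """
    for line in raw_head.decode("ascii", errors="replace").split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "date":
            return parse_http_date(value.strip())
    raise ValueError("constraint response carries no Date header")


def within_constraint(ntp_time: float, constraint_time: float,
                      margin: float = CONSTRAINT_MARGIN) -> bool:
    """Accept an NTP sample only if it lies in [constraint - margin, constraint + margin]."""
    return abs(ntp_time - constraint_time) <= margin


def filter_samples(samples, constraint_time, margin=CONSTRAINT_MARGIN):
    """Split NTP samples of (peer, unix_time) into accepted and rejected peer lists."""
    accepted, rejected = [], []
    for peer, t in samples:
        (accepted if within_constraint(t, constraint_time, margin) else rejected).append(peer)
    return accepted, rejected


# Constructed sample data: the head of a response from the constraint site and
# three NTP samples, one of them a falseticker ten minutes off.
SAMPLE_HEAD = (b"HTTP/1.1 200 OK\r\n"
               b"Date: Fri, 29 Apr 2016 17:44:28 GMT\r\n"
               b"Content-Type: text/html\r\n\r\n")
SAMPLE_PEERS = [("peer-a", 1461951868.2), ("peer-b", 1461951867.9),
                ("falseticker", 1461951868.0 + 600)]

if __name__ == "__main__":
    ctime = constraint_from_response(SAMPLE_HEAD)
    print(filter_samples(SAMPLE_PEERS, ctime))
```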