ntpsec | systemd: Do not restart (!576)
Eric S. Raymond
esr at thyrsus.com
Sun Nov 26 11:40:50 UTC 2017
Hal Murray via devel <devel at ntpsec.org>:
> > It is important to specify -g on the command line to allow NTP to correct
> > the clock on boot. However, if Restart=yes is set, a malicious (or broken)
> > server could send the incorrect time, trip the panic threshold, and when
> > ntpd restarts, serve it the incorrect time (which would be accepted).
> Should we collect a list of configuration issues that admins (and distros)
> should think about?
Yes. I'm not competent to do it, though - my grasp of ntpd operations
is still relatively weak, at leasr compared to you and Gary.
Perhaps you could collect notes on this?
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
More information about the devel