ntpsec | systemd: Do not restart (!576)

Eric S. Raymond esr at thyrsus.com
Sun Nov 26 11:40:50 UTC 2017

Hal Murray via devel <devel at ntpsec.org>:
> > It is important to specify -g on the command line to allow NTP to correct
> > the clock on boot.  However, if Restart=yes is set, a malicious (or broken)
> > server could send the incorrect time, trip the panic threshold, and when
> > ntpd restarts, serve it the incorrect time (which would be accepted). 
> Should we collect a list of configuration issues that admins (and distros) 
> should think about?

Yes.  I'm not competent to do it, though - my grasp of ntpd operations
is still relatively weak, at leasr compared to you and Gary.

Perhaps you could collect notes on this?
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.

More information about the devel mailing list