ntp.org, home of ntpd, the reference implementation of the Network Time Protocol, has announced six serious vulnerabilities. Not surprising, I guess, for 192,870 lines of code dating back to the early 80s. For anyone else who is shocked by that bloat, OpenBSD's OpenNTPD manages to get the job done in under 5,000 lines. [Ed's Comment: To be fair, the Linux implementation of ntp does achieve far more than the OpenBSD version. This is acknowledged in one of the links below.]
Note: Noted Danish FreeBSD developer extraordinaire Poul-Henning Kamp (PHK), operating under the influence of the Linux Foundation's cash hoard, has been working on an NTP replacement which is expected to preview this weekend.
Related Stories
As promised, PHK has released an early version of Ntimed, his NTPd replacement. While some are disappointed that it wasn't written in Rust, Go or Haskell, it has the support of the Linux Foundation and even the Network Time Foundation - "Harlan from The Network Time Foundation has agreed to adopt Ntimed and it will run in/with/parallel to the NTPD project." A version 1.0 is expected in Q1 2015.
A new, portable version of OpenNTPD has just been released! "OpenNTPD is a FREE, secure, and easy to use implementation of the Network Time Protocol. It provides the ability to sync the local clock to remote NTP servers and can act as an NTP server itself, redistributing the local clock." Hopefully, nobody is still using NTPD, which suffers from multiple vulnerabilities.
The New Yorker has a non-technical article, The Thorny Problem of Keeping the Internet's Time, about the Network Time Protocol (NTP) from both the software and protocol perspectives. It gives a surprisingly good summary of the background of both as well as the current situation and the issues holding back the next steps. If you have networked computers, especially servers, in any capacity then you are certainly familiar with the NTP or at least its supporting utilities. NTP was developed by David Mills, who by the late 1970s, after his PhD, eventually ended up at COMSAT where he started working on it for ARPANET. He still works on it despite failed eyesight.
In N.T.P., Mills built a system that allowed for endless tinkering, and he found joy in optimization. "The actual use of the time information was not of central interest," he recalled. The fledgling Internet had few clocks to synchronize. But during the nineteen-eighties the network grew quickly, and by the nineties the widespread adoption of personal computers required the Internet to incorporate millions more devices than its first designers had envisioned. Coders created versions of N.T.P. that worked on Unix and Windows machines. Others wrote "reference implementations" of N.T.P.—open-source codebases that exemplified how the protocol should be run, and which were freely available for users to adapt. Government agencies, including the National Institute of Standards and Technology (NIST) and the U.S. Naval Observatory, started distributing the time kept by their master clocks using N.T.P.
A loose community of people across the world set up their own servers to provide time through the protocol. In 2000, N.T.P. servers fielded eighteen billion time-synchronization requests from several million computers—and in the following few years, as broadband proliferated, requests to the busiest N.T.P. servers increased tenfold. The time servers had once been "well lit in the US and Europe but dark elsewhere in South America, Africa and the Pacific Rim," Mills wrote, in a 2003 paper. "Today, the Sun never sets or even gets close to the horizon on NTP." Programmers began to treat the protocol like an assumption—it seemed natural to them that synchronized time was dependably and easily available. Mills's little fief was everywhere.
NTP servers keep the world's computers' clocks in synchrony, but a negligible amount of money has been kicked upstream to the project, or even to Mills. Poul-Henning Kamp (PHK) gave a talk at FOSDEM 2015, Ntimed, an NTPD replacement, about where he saw things heading at the time and why refactoring NTPd would be neither time- nor resource-efficient.
Previously:
(2015) New Attacks on Network Time Protocol can Defeat HTTPS and Create Chaos
(2015) Finance, Workload Troubles for Developer of Reference NTP Implementation
(2015) OpenNTPD 5.7p1 Released
(2014) What Time Is It? Time for Multiple NTP Vulnerabilities!
(Score: 2) by TheGratefulNet on Saturday December 20 2014, @10:45PM
then I might look into using it.
I just built - for grins, mostly - a rasp pi stratum 1 gps clock (google it, lots of links). needed kernel mod for PPS support, latest gpsd and NON latest ntpd (latest does not seem to let the pps signal thru, via gps shared mem).
it was a pita to find the right version of ntpd that supported atomic operation (pps over physical gps led or wire, into kernel and then into gpsd and shared mem, finally to ntpd).
if this new 'replacement' for ntpd can get me all that, but simpler, that would be great. I'll look into this and see where it goes.
"It is now safe to switch off your computer."
(Score: 1) by idetuxs on Saturday December 20 2014, @10:45PM
The first link of the summary, on support.ntp.org, returns a 404.
Referring to the news part, I never use NTP because I don't really trust it.
(Score: 3, Informative) by sigterm on Saturday December 20 2014, @11:08PM
Here's the correct link: http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata [ntp.org]
Turns out there are no fewer than 3 serious, remotely exploitable bugs in all versions prior to 4.2.8, which was released only three days ago. There's also a fourth bug which can be triggered remotely, but it's not clear whether it's possible to compromise system integrity or run malicious code via this bug. It has also been patched in 4.2.8.
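To turn the "prior to 4.2.8" point above into a check you can run against your own servers, here is an added example, written for this page and not taken from ntp.org or from ntpq. It sends the same unauthenticated mode 6 READVAR request that `ntpq -c rv` sends, parses the reply, and flags a reported version older than 4.2.8. The probe() call is live; SAMPLE_RESPONSE and the version string inside it are constructed for illustration, not captured from a real server.

```python
"""Probe an ntpd for NTP mode 6 (ntpq) control-query exposure and version.
Added example for this thread, not ntp.org code; standard library only.
Packet layout is the NTP control-message format (RFC 1305 Appendix B)
that ntpq speaks.  SAMPLE_RESPONSE is a constructed packet, not a capture."""
import re
import socket
import struct

NTP_PORT = 123
MODE_CONTROL = 6
CTL_OP_READVAR = 2                    # ntpq "rv": read system/peer variables
HEADER = struct.Struct("!BBHHHHH")    # 12-byte control header
VERSION_RE = re.compile(r"ntpd (\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def build_readvar_request(seq=1, assoc_id=0, version=2):
    """Unauthenticated mode 6 READVAR request, as `ntpq -c rv host` sends.
    assoc_id 0 selects the system variables, which include version=."""
    li_vn_mode = (version << 3) | MODE_CONTROL    # LI=0, VN (ntpq sends 2), mode 6
    return HEADER.pack(li_vn_mode, CTL_OP_READVAR, seq, 0, assoc_id, 0, 0)  # R=E=M=0

def parse_control_response(pkt):
    """Split a mode 6 packet into header fields and its payload text."""
    if len(pkt) < HEADER.size:
        raise ValueError("short control packet")
    li_vn_mode, r_e_m_op, seq, status, assoc, offset, count = HEADER.unpack_from(pkt)
    if li_vn_mode & 0x7 != MODE_CONTROL:
        raise ValueError("not a mode 6 packet")
    data = pkt[HEADER.size:HEADER.size + count]   # count, not len(): drops padding
    return {"response": bool(r_e_m_op & 0x80), "error": bool(r_e_m_op & 0x40),
            "more": bool(r_e_m_op & 0x20), "opcode": r_e_m_op & 0x1F, "seq": seq,
            "status": status, "assoc_id": assoc, "offset": offset,
            "data": data.decode("ascii", "replace")}

def parse_variables(text):
    """'a=1, version="ntpd 4.2.6p5@...", b=2' -> dict; commas inside quotes stay."""
    out, field, quoted = {}, [], False
    for ch in text + ",":
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            name, _, value = "".join(field).strip().partition("=")
            field = []
            if name:
                out[name.strip()] = value.strip()
        else:
            field.append(ch)
    return out

def ntpd_version_tuple(version_value):
    """'ntpd 4.2.6p5@1.2349-o ...' -> (4, 2, 6, 5); None for non-ntpd strings."""
    m = VERSION_RE.search(version_value)
    if not m:
        return None
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))

def predates_4_2_8(version_value):
    """True when the reported release is older than 4.2.8 (4.2.8p1 is newer).
    Distributions backport fixes without bumping this string, so a hit means
    'go and check the package changelog', not 'exploitable'."""
    v = ntpd_version_tuple(version_value)
    return v is not None and v < (4, 2, 8, 0)

def assess(response_pkt):
    """What one READVAR reply says about the server that sent it."""
    hdr = parse_control_response(response_pkt)
    variables = parse_variables(hdr["data"])
    version = variables.get("version", "")
    return {"answers_control_queries": hdr["response"] and not hdr["error"],
            "version": version, "older_than_4_2_8": predates_4_2_8(version),
            "stratum": variables.get("stratum")}

def probe(host, port=NTP_PORT, timeout=2.0):
    """Send one READVAR to host; None means no reply within the timeout, which
    is what you want from outside once control queries are restricted or
    udp/123 is filtered.  Live network call, so not exercised by the sample."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_readvar_request(), (host, port))
        try:
            pkt, _ = s.recvfrom(2048)
        except socket.timeout:
            return None
    return assess(pkt)

# Constructed reply (not a capture) shaped like an unrestricted, pre-4.2.8
# ntpd answering `ntpq -c rv`; the build date is a placeholder.
_SAMPLE_DATA = (b'version="ntpd 4.2.6p5@1.2349-o Fri Jan 1 00:00:00 UTC 2010 (1)", '
                b'processor="x86_64", system="Linux/3.2.0", leap=0, stratum=2, '
                b'precision=-23, refid=10.0.0.1')
SAMPLE_RESPONSE = HEADER.pack((2 << 3) | MODE_CONTROL, 0x80 | CTL_OP_READVAR,
                              1, 0, 0, 0, len(_SAMPLE_DATA)) + _SAMPLE_DATA
```

A host that never answers probe() is the result you want from outside your network. A host that does answer is exposing its control interface, the path the ctl_putdata overflow in the linked advisory sits on, whatever version it reports. Treat the version check as a first pass only: distributions backport fixes without bumping the string, so a 4.2.6p5 that answers may or may not be patched, and the package changelog or an upgrade to 4.2.8 is the only reliable confirmation.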
(Score: 2) by frojack on Sunday December 21 2014, @01:41AM
By remotely exploitable you mean if your machine is acting as a time server to others beyond your network, and you use certain facilities that most don't use.
Joe User should not be offering time services on his external interface. There is precious little to be gained by offering ntp on your internal interface either unless you have a couple hundred machines you have to keep synced. Just firewall your ntpd from serving any external interface, (which a lot of distros do out of the box these days).
Reading these over, I see nothing that is critical for the guy just syncing his local clock with an upstream ntp source, such as your ISP or a nearby university.
No, you are mistaken. I've always had this sig.
(Score: 2) by ls671 on Monday December 22 2014, @11:38AM
> Joe User should not be offering time services on his external interface.
I am, but since I have been using "restrict noquery" in ntp.conf since forever, I should be safe according to the reports. Also, I run ntpd in a chroot jail just in case...
Everything I write is lies, including this sentence.
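Putting frojack's point (don't offer time on the external interface) and ls671's (restrict noquery) together in one place, here is an ntp.conf restrict block as an added example for this page. It is written here, not taken from ntp.org or from any distribution's default file, and the LAN range is a placeholder.

```conf
# Permissive (what an unqualified "restrict default" amounts to): anyone
# who can reach udp/123 may query state with ntpq/ntpdc and, if they hold
# a key, reconfigure the daemon.  This is the surface "noquery" closes.
restrict default

# Hardened: answer ordinary client time requests only.  Everyone, by
# default, is refused control queries (noquery), runtime configuration
# (nomodify), trap service (notrap) and unsolicited peering (nopeer);
# kod sends kiss-o'-death packets to misbehaving clients.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# The local host keeps full access so ntpq still works for diagnostics.
restrict 127.0.0.1
restrict -6 ::1

# One LAN (placeholder range) may sync from this box and may query it,
# but may not reconfigure it.
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer
```

Two caveats. None of these restrict flags stops the daemon answering ordinary mode 3 client requests, so the box is still a time server for anything that can reach udp/123; to stop offering time on the external interface, as frojack suggests, you still need a firewall rule that drops inbound udp/123 there while letting replies to the host's own outbound queries through. And noquery covers the control-message path (ctl_putdata) only; the same 4.2.8 advisory also lists an overflow in crypto_recv that is reachable only when Autokey is configured, which no restrict line affects, so the upgrade is still the real fix.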
(Score: 2) by martyb on Sunday December 21 2014, @03:03AM
Thanks a bunch for providing the correct link! I have updated the story and you should see it on the main page within a few minutes.
Wit is intellect, dancing.
(Score: 2) by martyb on Sunday December 21 2014, @03:02AM
Well, that was NOT a good time. :) Thanks for bringing it to our attention; will fix ASAP!
Wit is intellect, dancing.
(Score: 2) by Bot on Saturday December 20 2014, @11:18PM
Systemd will surely incorporate a better NTP. Of course, it won't bother with the old crufty time zones, using Poettering's alarm clock as sole authoritative source, and seconds will be 2x longer so that boot time effectively halves.
Account abandoned.
(Score: 1) by ghost on Saturday December 20 2014, @11:55PM
(Score: 0) by Anonymous Coward on Sunday December 21 2014, @12:29AM
You're nearing the last few moments of the year, and that half-joke has won you funniest comment of the year in my book, sir~!
And it is truly sad that we will be subjected to his clock :(
(Score: 2) by Arik on Sunday December 21 2014, @12:44AM
Feature creep is not a virtue.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Sunday December 21 2014, @07:06PM
Not feature creep. Features. Like accurate time.
I run both on my systems. There is a reason that openntpd is banned from the ntp.org pool. It does not provide accurate time, and even lies about its stratum. Openntpd is fine for a single host as an alternative to cron ntpdate -u, but it is NOT an alternative time server.
(Score: 1) by dltaylor on Sunday December 21 2014, @02:06AM
I remember taking the BSD ntpd to AIX, where interoperability between PC (386/486) and IBM mainframes (370/390) was required. The original student project only had to run on VAXen, so there were byte order issues where they had hard-coded "fixes" for the network-hostile little-endian byte order of the VAX (and PC). Of course, those changes broke the network-friendly big-endian mainframe code. Quite a bit of "ntohl()" and "htonl()" fitted in place of various byte-swap mechanisms the students had implemented.