From @ollieparanoid in https://github.com/postmarketOS/pmbootstrap/issues/570#issuecomment-329855915:
A few notes regarding ntpd:
- If we set the hardware clock to UTC/GMT instead of the localtime, we don't need to know the time zone beforehand (it will get calculated based on the UTC time then) (more info)
- Although that might not be obvious, we should take extra care choosing a suitable ntpd, especially when we want to have it running all the time. After all, it connects to the internet and executes code based on the input it gets, so it has a similar attack surface to curl or wget. Besides busybox's ntpd, there is openntpd from OpenBSD for example, which does proper privilege separation among other features. It is packaged for Alpine.
- Also running an ntpd creates characteristic traffic, which may be used to fingerprint your OS/device (I know that we'll need it for the N900, but we should keep that in mind at least).
@ollieparanoid
In Alpine, openntpd is outdated..
It sounds like a security concern you're having. However, nothing in the changelog from 6.0_p1 onwards (didn't check entries before, because that is the version in Alpine) mentions security fixes. I'm pretty sure that Alpine devs would have either updated it or added a patch for the security fix otherwise.
So I would recommend openntpd, because of the privilege separation (and you can even set it up to get the timestamps from making HTTPS connections instead of using the NTP protocol, which obfuscates the traffic nicely).
If we decide to go that way, I recommend shipping the updated version in our aports, and making a PR to get it updated in Alpine. Then deleting our package when it got updated upstream.
Yea I'd also vote for openntpd.
Alpine includes some helper scripts that we can probably leverage for this: setup-timezone and setup-ntp -c openntp.
The last one will install and configure openntpd to start on bootup.
Hmm, maybe we should go with chrony: https://www.coreinfrastructure.org/news/blogs/2017/09/securing-network-time
While that audit sounds great, it does not cover openntpd. But chrony has a comparison table which shows that chrony also implements privilege separation and uses seccomp on Linux, which openntpd does not.
I'm also convinced now that chrony is more secure. And the other features it has sound nice as well. Great find!