Saturday, December 25, 2021

Re: how to reload date from ntpd

On Sat, Dec 25, 2021 at 11:09:32AM -0000, Stuart Henderson wrote:
> On 2021-12-22, uesso@danwin1210.de <uesso@danwin1210.de> wrote:
> > How can I reload date from ntpd after boot?
>
> rcctl stop ntpd
> rdate $timeserver
> rcctl start ntpd

Note that rdate doesn't support the concept of constraints as
ntpd does, so it's entirely possible for someone who can observe
the outgoing request (to see the random timestamp that we send)
and spoof a response from the NTP server to deliberately cause
your clock to be set incorrectly.

Assuming that ntpd restarts correctly immediately afterwards, the
window of opportunity is very small, but it does introduce a
vulnerability that wouldn't exist using ntpd alone.
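
The constraint idea referred to above, as an added example that is not part of the original post and not ntpd's own code: a time reported by an unauthenticated source is accepted only if it lies near the median of Date headers obtained over TLS. The header values, the candidate times and the 120-second margin are constructed assumptions, and no network access is performed.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime
from statistics import median

# Assumed tolerance in seconds (illustrative value, not taken from the post).
MARGIN = 120.0

# Constructed sample: Date headers as they might be returned over HTTPS by
# three constraint hosts, plus one unparsable value that must be ignored.
SAMPLE_HEADERS = [
    "Sat, 25 Dec 2021 11:09:30 GMT",
    "Sat, 25 Dec 2021 11:09:32 GMT",
    "not a date",
    "Sat, 25 Dec 2021 11:09:33 GMT",
]


def constraint_epoch(date_headers):
    """Return the median of the parsable Date headers as epoch seconds."""
    stamps = []
    for header in date_headers:
        try:
            dt = parsedate_to_datetime(header)
        except (TypeError, ValueError):
            continue  # skip headers that are not valid HTTP dates
        if dt.tzinfo is None:
            dt = dt.replace(tzinfo=timezone.utc)  # HTTP dates are always UTC
        stamps.append(dt.timestamp())
    if not stamps:
        # Without any authenticated reference there is nothing to check against.
        raise ValueError("no usable constraint")
    return median(stamps)


def accept(candidate_epoch, date_headers, margin=MARGIN):
    """True if the unauthenticated time is within `margin` of the constraint."""
    return abs(candidate_epoch - constraint_epoch(date_headers)) <= margin


if __name__ == "__main__":
    reference = constraint_epoch(SAMPLE_HEADERS)
    # Constructed candidates: a plausible reply and one shifted by a full day.
    for label, candidate in (("plausible", reference + 45),
                             ("shifted one day", reference + 86400)):
        verdict = "accept" if accept(candidate, SAMPLE_HEADERS) else "reject"
        print(f"{label}: {verdict}")
```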
