554040 – net-misc/chrony-2* should not enable USE="phc pps" by default

Bug 554040 - net-misc/chrony-2* should not enable USE="phc pps" by default

Summary: net-misc/chrony-2* should not enable USE="phc pps" by default

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Jeroen Roovers (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-07-05 20:42 UTC by Andrew Savchenko
Modified:	2015-07-23 08:39 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Savchenko gentoo-dev

2015-07-05 20:42:28 UTC

Hello,

ATM chrony enables phc and pps by default. However they are useful for limited cases where user have a special hardware time source (atomic clock, gps clock and so on). Since most users apparently don't have such a hardware, I propose to not enable these options by default, this way users will benefit from a reduced attack surface, smaller memory footprint and so on.

Another note, pps USE flag description is wrong:
<flag name='pps'>Support for the Linux Real Time Clock (RTC) interface</flag>
while pps is "PPS (Pulse Per Second) is a special pulse provided by some GPS antennae." (from CONFIG_PPS description).

Comment 1 Jeroen Roovers (RETIRED) gentoo-dev

2015-07-06 04:03:27 UTC

What attack surface?

Comment 2 Jeroen Roovers (RETIRED) gentoo-dev

2015-07-06 18:33:04 UTC

I like to stay close to upstream. So their default configure options are our default configure options, except where they would clash with Gentoo specific requirements. I don't think these two options should be disabled just because they increase the install size.

As for the attack surface, that would require a malicious RTC or PPS driver in the kernel or having those open to unprivileged user access. chrony's attack surface would in those cases be the least of your concerns.

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2015-07-06 18:39:11 UTC

(In reply to Jeroen Roovers from comment #2)
> As for the attack surface, that would require a malicious RTC or PPS driver

PCH and PPS, that is.

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2015-07-06 18:39:34 UTC

PHC...

Comment 5 Andrew Savchenko gentoo-dev

2015-07-23 08:39:31 UTC

(In reply to Jeroen Roovers from comment #2)
> I like to stay close to upstream. So their default configure options are our
> default configure options, except where they would clash with Gentoo
> specific requirements. 

This is understandable, but questionable approach. Upstream is usually targeted on the audience unable/unwilling to rebuild from sources, thus upstream tends to include as functionality as possible except for questionable stuff.

> As for the attack surface, that would require a malicious RTC or PPS driver
> in the kernel or having those open to unprivileged user access. chrony's
> attack surface would in those cases be the least of your concerns.

Not really, just some bug in auxiliary code may be triggered. Less code => less bugs, that's simple and works statistically quite well (of course there are some exceptions, e.g. hardening code).