[ntp:hackers] Bug hunting opportunities

Dave Hart davehart at gmail.com
Thu Oct 29 18:51:28 UTC 2009


On Thu, Oct 29, 2009 at 6:35 PM, Hal Murray <hmurray at megapathdsl.net> wrote:
> The idea is to allow as much testing as we can while the system is still
> running a production version of ntpd.  The ntpd under test would run, but not
> do anything to the system.  It could write log files and stuff in the user's
> directory.
>
> I think it's only a few lines of code in several places.
>  One is listening on a non-standard port number.
>  Another is not actually setting the time.
>  We should probably not clutter up syslog.
>  Bypass the check for being root.
>  Changing the default config file from /etc/ntp.conf to ./ntp.conf would
> reduce errors.
>
> Are there any others?

I've wanted something like this for a while, and have discussed it
with Harlan a few times.  If you take a look at
pogo:~hart/ntp-dev-unpriv I've got a head start on it.  That branch
can listen on an alternate port via a ntp.conf "interface port 1234"
directive.  Its ntpq (but not yet ntpdc) knows how to talk to ntpd on
an alternate port, as in "ntpq -crv localhost:1234".  It does not
require root privilege.

The incomplete part so far is not actually setting the system time.
There is currently not a great place to hook in for that, so I've been
playing around with splitting routines like get_systime() into several
pieces, with common fuzzing code for example, but with the OS
interfacing split off into another routine, and a third routine
introduced to be used in place of the OS interfacing routine when
running in unprivileged test mode, which maintains a fictional system
clock composed from the real OS clock and local offset and frequency
changes accumulated over the ntpd run.  There's not a lot of design
work left, just decisions about how to modify the code in
libntp/machines.c and libntp/systime.c in a way that enables the new
functionality without compromising the clarity or function of
production ntpd.

I like your idea to use a different default filename for the
configuration file, and it would be straightforward to implement.  I'm
not sure about staying away from syslog.  The user can already use -l
on the command line or a ntp.conf directive to switch away from syslog
early in ntpd startup.  For me, that is enough to quench any need I
can so far imagine.

Cheers,
Dave Hart
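
Added example, not part of the original message and not code from the ntp-dev-unpriv branch: a sketch of the "fictional system clock" described above, built from a read-only OS clock plus locally accumulated offset and frequency changes, so the test daemon never needs the privilege to set the time. All names (sim_clock, os_now, sim_read, sim_step, sim_set_freq) are hypothetical, and double is used for brevity.

```c
/* Added example: a simulated clock for an unprivileged test-mode daemon.
 * All names here are hypothetical; none come from the ntp source tree. */
#include <stdio.h>
#include <time.h>

struct sim_clock {
    double base_os;  /* OS clock reading when freq was last changed */
    double offset;   /* steps plus drift folded in up to base_os (s) */
    double freq;     /* current frequency correction (s/s) */
};

/* Read the real OS clock; the only OS-facing routine, and it is read-only. */
static double os_now(void)
{
    struct timespec ts;
    timespec_get(&ts, TIME_UTC);
    return (double)ts.tv_sec + ts.tv_nsec / 1e9;
}

static void sim_init(struct sim_clock *c, double os)
{
    c->base_os = os; c->offset = 0.0; c->freq = 0.0;
}

/* Fictional time = real time + offset + drift since the last freq change. */
static double sim_read(const struct sim_clock *c, double os)
{
    return os + c->offset + c->freq * (os - c->base_os);
}

/* Stands in for stepping the system clock: only local state changes. */
static void sim_step(struct sim_clock *c, double delta)
{
    c->offset += delta;
}

/* Stands in for a frequency adjustment: fold drift so far, then switch rate. */
static void sim_set_freq(struct sim_clock *c, double os, double ppm)
{
    c->offset += c->freq * (os - c->base_os);
    c->base_os = os;
    c->freq = ppm * 1e-6;
}

int main(void)
{
    struct sim_clock c;
    sim_init(&c, os_now());
    sim_step(&c, 0.5);                 /* constructed correction: +500 ms */
    sim_set_freq(&c, os_now(), 100.0); /* constructed correction: +100 ppm */
    printf("real %.6f  simulated %.6f\n", os_now(), sim_read(&c, os_now()));
    return 0;
}
```

Passing the OS reading in as a parameter keeps the clock arithmetic testable with fixed inputs, independent of when the test runs.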

