From 796283a2f842a878168c01bd8d42e34b10c1fef3 Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Mon, 11 Nov 2019 01:04:55 +0000
Subject: [PATCH] Disable -s and -S functionality. -s would force time using NTP packets without any MITM protection checks. We've had constraint checks for MITM protection for some time. Recent work changed the default mode to rapidly check NTP packets against constraint validation, as the default mode. In environments where https traffic doesn't work, ethernet-near servers can be labelled as "trusted". trusted sensor support is also coming. We have reasons to immediately move people away from the -s mode. ok otto
---
 src/usr.sbin/ntpd/ntpd.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index f6e37edf..f60569ee 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntpd.c,v 1.126 2019/11/10 19:24:47 otto Exp $ */
+/* $OpenBSD: ntpd.c,v 1.127 2019/11/11 01:04:55 deraadt Exp $ */
 /*
 * Copyright (c) 2003, 2004 Henning Brauer
@@ -99,7 +99,7 @@ usage(void)
 fprintf(stderr,
 "usage: ntpctl -s all | peers | Sensors | status\n");
 else
- fprintf(stderr, "usage: %s [-dnSsv] [-f file]\n",
+ fprintf(stderr, "usage: %s [-dnv] [-f file]\n",
 __progname);
 exit(1);
 }
@@ -140,6 +140,7 @@ main(int argc, char *argv[])
 char **argv0 = argv;
 char *pname = NULL;
 time_t settime_deadline;
+ int sopt = 0;
 if (strcmp(__progname, "ntpctl") == 0) {
 ctl_main(argc, argv);
@@ -166,10 +167,8 @@ main(int argc, char *argv[])
 pname = optarg;
 break;
 case 's':
- lconf.settime = 1;
- break;
 case 'S':
- lconf.settime = 0;
+ sopt = ch;
 break;
 case 'v':
 lconf.verbose++;
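Review bot: In the option switch, `case 'S':` now shares the `sopt = ch;` branch with `case 's':`, so the old opt-out (`lconf.settime = 0`) is dropped together with the unsafe opt-in. The default value of `lconf.settime` is set outside this hunk, so it is worth confirming that a host started with `-S` does not now get its clock stepped at startup when the operator asked for the opposite. A one-line comment on the shared branch, e.g. `/* -s/-S are parsed only so main() can warn after log_init(); neither changes lconf.settime */`, would make it harder for a later edit to reintroduce the unvalidated path by accident. The usage() hunk above no longer lists either flag although both are still accepted here, which the same comment could mention. main() starts and ends outside the hunk.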
@@ -187,6 +186,12 @@ main(int argc, char *argv[])
 log_init(logdest, lconf.verbose, LOG_DAEMON);
+ if (sopt) {
+ log_warnx("-%c option no longer works and will be removed soon.",
+ sopt);
+ log_warnx("Please reconfigure to use constraints or trusted servers.");
+ }
+
 argc -= optind;
 argv += optind;
 if (argc > 0)
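Review bot: The two `log_warnx()` calls print the same advice for both flags, but "reconfigure to use constraints or trusted servers" only fits `-s`; with `-S` the operator asked for no time step, and the message gives them nothing to act on. Startup also continues after the warning, and where it lands depends on `logdest`, which is set outside this hunk, so a host that still carries `-s` in its startup flags may show the notice only in the system log. Since this line is the one signal that a machine still expects the unvalidated time-set, consider branching on the flag, e.g. `if (sopt == 's') log_warnx("Please reconfigure to use constraints or trusted servers.");`. A short comment saying the warning is deferred to this point because `log_init()` runs after option parsing would also help. main() continues outside the hunk.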