[OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
Toke Høiland-Jørgensen
toke at toke.dk
Thu Oct 1 16:58:53 EDT 2015
Steven Barth <cyrus at openwrt.org> writes:
> Using --dnssec-no-timecheck is impractical since it reacts to SIGHUP which
> is already overloaded and might be triggered by e.g. config changes.
Quite apart from the signaling, using --dnssec-no-timecheck very quickly
turns into an ugly hack. I implemented a startup time sync functionality
for CeroWrt based on this, see
https://github.com/dtaht/cerowrt-3.10/commit/b3a5b704691f1ba1d154dca9c7ab316f92136640
Never even attempted to upstream it because while it does sorta-kinda
work, it is a fairly ugly hack and I don't see any good way to avoid
that.
I definitely consider the timestamp file a cleaner way of solving the
DNSSEC/time sync problem, and will definitely recommend sticking with
that.
As far as whether or not it is a security risk: The whole issue here is
that it is fundamentally impossible to bootstrap DNSSEC securely without
a reliable clock (i.e. real-time clock or GPS or other offline source).
So we're stuck with doing things that minimise the duration of the
vulnerable window.
Also, as far as I can tell, dnsmasq will still read the time off the
file even if it can't write to it. So if the file ownership is the issue
(and I can see how this is at least a theoretical concern), just have
the file be owned as root, and have a suitably privileged process touch
it on shutdown (or periodically? presumably many reboots are going to be
hard power cycles, so no chance to do anything on shutdown?).
-Toke
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list