Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upmove ntpd to netvm from firewallvm #361
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
|
Modified by marmarek on 30 Sep 2011 11:17 UTC |
marmarek
assigned
rootkovska
Mar 8, 2015
marmarek
added this to the Release 1 Beta 3 milestone
Mar 8, 2015
marmarek
added
bug
C: core
P: major
labels
Mar 8, 2015
marmarek
assigned
marmarek
and unassigned
rootkovska
Mar 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
marmarek
Mar 8, 2015
Member
Comment by marmarek on 1 Oct 2011 08:35 UTC
http://git.qubes-os.org/?p=marmarek/core.git;a=commit;h=7ae0c52e6da7a24a6dfe51904523130990d9aaa1
|
Comment by marmarek on 1 Oct 2011 08:35 UTC |
marmarek
closed this
Mar 8, 2015
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
marmarek commentedMar 8, 2015
Reported by rafal on 18 Sep 2011 19:31 UTC
We cannot trust accuracy of ntpd too much - if someone controls the
network, he can spoof ntp replies.
So moving ntpd to less trusted VM (netvm) does not hurt ntpd reliability (netvm can spoof ntpd replies anyway).
If we move it out of FirewallVM, the security posture of FirewallVM looks
better - no listening ports then.
Migrated-From: https://wiki.qubes-os.org/ticket/361