MacOS – Disabling NTP on OS X Lion or older

macosntpSecuritysnow leopard

Following a new security vulnerability in the Network Time Protocol software package, Apple has provided a software update for Mountain Lion and newer versions of OS X.

As usual, the older versions of OS X that one may be stuck with (because the hardware does not support newer versions, because one needs Rosetta, …) are not covered by the security update.

My questions are:

is disabling “set date and time automatically” in Software Preferences enough to ensure that ntpd is not running?
what might break if the ntdp binary was simply deleted for safety on OS X Snow Leopard or Lion?

In doubt I might use these instructions to limit the scope of ntpd without completely disabling/deleting it, but in this case there remains the risk of getting it wrong and leaving ntpd exposed.

Best Answer

is disabling “set date and time automatically” in Software Preferences enough to ensure that ntpd is not running?

Yes.

Here is the way to insure yourself of this. Open a Terminal or xterm window.

Run the following command:

ps ax | grep ntp

and notice that you have an ntpd process running.

Open System Preferences and turn off Set date and time automatically:

Check with the ps command above that you don't have any ntpd process running.

Don't remove the ntpd binary, this is not necessary and would deprive you of the chance to take advantage of a fix from Apple :).

In doubt I might use these instructions to limit the scope

No.

This receipe will leave you with a running ntpd and hence exposed to an attack.

Related Solutions

MacOS – How to tell when time has been sync’ed with NTP server in Mac OS X Lion

I'm not sure if there are any log messages by default—I couldn't find any either.

One possible solution is to just enable logging. You can edit:

/usr/libexec/ntpd-wrapper

And add this (or something similar):

-l /tmp/ntpd.log

To the exec /usr/sbin/ntpd line in the script (the last line). Then kill the ntpd process (it will automatically relaunch) or reboot.

The resulting log looks something like this:

ntpd[10728]: ntpd 4.2.8p6@1.3265 Fri Feb  5 17:38:17 UTC 2016 (124~824): Starting
ntpd[10728]: Command line: /usr/sbin/ntpd -c /private/etc/ntp-restrict.conf -n -g -p /var/run/ntpd.pid -f /var/db/ntp.drift -l /tmp/ntpd.log
ntpd[10728]: proto: precision = 1.000 usec (-20)
ntpd[10728]: proto: fuzz beneath 0.083 usec
ntpd[10728]: Listen and drop on 0 v6wildcard [::]:123
...
ntpd[10728]: drift PPM:0.000 -> -37.418
ntpd[10728]: peer time.asia.apple.com. @ 17.253.66.125
ntpd[10728]: sample offset +0.000000 s @ 17.253.66.125
ntpd[10728]: sample offset -0.000569 s @ 17.253.66.125
ntpd[10728]: sample offset -0.000518 s @ 17.253.66.125

How to install the 2014 NTP security fix on 10.6.8 Snow Leopard

For 10.6.8 would it work to open the 10.8 NTP update.dmg with pacifist and put in the new versions of the following 6 files?

No it would not work. You will probably get a segmentation fault due to major changes that happened between 10.6 and 10.8 (I don't think you could even make 10.8 binaries work on 10.7). You can easily try it, however, to convince yourself. Extract them with Pacifist to some temp directory and just run them (eg. extract ntpd and do a ./ntpd --version ). If you don't get a segmentation fault and you get a printout of the version, you might be fine. However, there's a better option.

Instead of using Apple's binaries, you should compile NTP yourself. It's not difficult at all and it requires Xcode (which is free anyway).

See my answer to a similar question that was posted the other day on how to compile NTP: Disabling NTP on OS X Lion or older

Best Answer

Related Solutions

MacOS – How to tell when time has been sync’ed with NTP server in Mac OS X Lion

How to install the 2014 NTP security fix on 10.6.8 Snow Leopard

Related Question