[Gllug] Linux ntp talking to MS Windows
Mike Brodbelt
mike at coruscant.demon.co.uk
Thu Aug 3 21:54:54 UTC 2006
Chris Bell wrote:
>>
>> I have switched that to 'permissive' anyway.
>>
> I gather that ix86 processors separate system commands into groups which
> require different privilege settings, and write access to the BIOS as needed
> to adjust the internal clock is one of the highest levels.
Adjusting the hardware clock is usually done by accessing it via
/dev/rtc from userspace. The kernel actually makes the change. The only
separation mechanism employed by x86 class CPUs in hardware (that I'm
aware of) is that of protection rings. A register in the CPU carries the
current IOPL value, which can be from ring 0 through ring 3. In linux
systems, kernel code runs in ring 0 and has direct hardware access,
userspace runs in ring 3, and any attempt to access memory or IO ports
directly will be trapped by the hardware. I don't believe there is any
other separation, and I think modification of CMOS memory only requires
the the code doing the modification is executing in ring 0. There's some
reasonable info on this in Wikipedia:-
http://en.wikipedia.org/wiki/Protection_ring
Newer CPUs are also implementing NX in hardware, but that's tangential
to this point.
> I have not used
> RedHat for a while; Debian provides both options but suggests that the safer
> alternative is to restrict the allocation of special privileges and use a
> system that will modify a software offset instead of the hardware clock.
Debian typically initialises the system clock from the hardware at boot.
Using ntp or ntpdate keeps the system clock right, but does not change
the hardware clock. Debian typically runs hwclock --systohc at shutdown,
which should be the only time the hardware clock gets written to.
This doesn't solve the original question of course, but I've only ever
used it the other way round. It's quite easy to make Windows XP clients
sync to a Linux NTP server, and seems to work quite well.
Mike
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list