2135568 – Threat model finding: thundering herd warning

Bug 2135568 - Threat model finding: thundering herd warning

Summary: Threat model finding: thundering herd warning

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	chrony
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Lichvar
QA Contact:	rhel-cs-infra-services-qe
Docs Contact:
URL:
Whiteboard:
Depends On:	2231078
Blocks:
TreeView+	depends on / blocked

Reported:	2022-10-18 01:15 UTC by Wade Mealing
Modified:	2023-08-15 07:12 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-136793	0	None	None	None	2022-10-18 01:23:12 UTC

Comment 1 Miroslav Lichvar 2022-10-24 14:45:30 UTC

Server keys lost after restart (which invalidates existing cookies) could be an issue for servers with large number of clients. A typical server might be able to handle 500 requests per second, so for the default minpoll of 64 seconds that would be about 32k clients if the requests were spread evenly.

A warning message printed by chronyd if configured as an NTS server without ntsdumpdir would make sense to me.

Comment 2 Miroslav Lichvar 2023-08-10 13:46:20 UTC

This issue will be fixed by rebase to chrony-4.4 (bug #2231078), which logs a warning message when ntsdumpdir is missing in the config.

Note You need to log in before you can comment on or make changes to this bug.