├── LICENSE
├── README.md
└── httpstime


/LICENSE:
--------------------------------------------------------------------------------
This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or
distribute this software, either in source code form or as a compiled
binary, for any purpose, commercial or non-commercial, and by any
means.

In jurisdictions that recognize copyright laws, the author or authors
of this software dedicate any and all copyright interest in the
software to the public domain. We make this dedication for the benefit
of the public at large and to the detriment of our heirs and
successors. We intend this dedication to be an overt act of
relinquishment in perpetuity of all present and future rights to this
software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
httpstime
=========

> :warning: I do not recommend using this script any more. Instead,
> use an NTP client implementation that supports NTS / RFC 8915.

Simple bash script to set the system time via HTTPS.
Born out of frustration with all other existing solutions, see also:

* https://blog.hboeck.de/archives/890-In-Search-of-a-Secure-Time-Source.html

By default it will use the HTTP Date header from
[www.google.com](https://www.google.com) to set the time. Alternatively
another hostname can be passed on the command line.

Unlike NTP, setting the time via HTTPS provides protection against
man-in-the-middle attacks.

The accuracy is worse than NTP, as the time resolution is only
in seconds and network transmission times aren't considered.

Security considerations
=======================

This provides no protection against rogue Google servers sending
a bad time.

In theory the server could try to attack the parser in the "date"
tool. However I tested it with american fuzzy lop and it seems
robust.

--------------------------------------------------------------------------------
/httpstime:
--------------------------------------------------------------------------------
#!/bin/bash

# secure time setting via HTTPS
# by Hanno Böck

# Use www.google.com unless a hostname is given as the first argument
if [[ -z "$1" ]]; then
	HOST=www.google.com
else
	HOST=$1
fi

# HEAD request over HTTPS; keep only the Date header line
DATESTRING=$(curl -sI "https://$HOST/" | grep -i "^date: ")

# $? is the exit status of grep: non-zero when no Date header was received
if [[ $? -ne 0 ]]; then
	echo "Can't connect to $HOST"
	exit 1
fi

# Strip the "Date: " / "date: " header name, leaving the date value
DATESTRING="${DATESTRING/Date: /}"
DATESTRING="${DATESTRING/date: /}"

# Set the system clock from the header value
date -s "${DATESTRING}" > /dev/null

[[ $? -eq 0 ]] || echo "Time setting failed - maybe you are not root?"

--------------------------------------------------------------------------------
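
Added example (not part of the httpstime repository): one way to address the README's concern about a server attacking the `date` parser. The header is validated as an IMF-fixdate and converted to epoch seconds in shell arithmetic, so `date` only ever receives an integer. The function names, the deliberately narrow regex and the GNU `date -s @N` form in the closing comment are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of httpstime; function names are hypothetical.

# IMF-fixdate shape, deliberately narrow (years 1000-2999, no leap second).
IMF_RE='(Mon|Tue|Wed|Thu|Fri|Sat|Sun), [0-3][0-9] (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [12][0-9]{3} [0-2][0-9]:[0-5][0-9]:[0-5][0-9] GMT'

# Succeeds only if $1 is a single line that is exactly an IMF-fixdate.
is_imf_fixdate() {
    [ "$(printf '%s\n' "$1" | wc -l)" -eq 1 ] &&
        printf '%s\n' "$1" | grep -Eqx "$IMF_RE"
}

# Reads raw response headers on stdin and prints the Date value. Fails when the
# header is missing, repeated, or not a well-formed IMF-fixdate.
extract_http_date() {
    hdrs=$(tr -d '\r' | grep -i '^date:') || return 1
    val=$(printf '%s\n' "$hdrs" | sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//')
    is_imf_fixdate "$val" || return 1
    printf '%s\n' "$val"
}

# Converts an IMF-fixdate to Unix epoch seconds with shell arithmetic only
# (days-from-civil), so `date` never has to parse server-supplied text.
# Day of month is only range-checked to 1..31, not per month.
imf_to_epoch() {
    is_imf_fixdate "$1" || return 1
    set -- $(printf '%s\n' "$1" | tr ':,' '  ')  # dow dd Mon yyyy hh mm ss GMT
    d=${2#0}; y=$4; H=${5#0}; M=${6#0}; S=${7#0}  # drop leading 0 (octal)
    case $3 in
        Jan) m=1;; Feb) m=2;; Mar) m=3;; Apr) m=4;; May) m=5;; Jun) m=6;;
        Jul) m=7;; Aug) m=8;; Sep) m=9;; Oct) m=10;; Nov) m=11;; Dec) m=12;;
    esac
    { [ "$d" -ge 1 ] && [ "$d" -le 31 ] && [ "$H" -le 23 ]; } || return 1
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi      # year starts in March
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
    doe=$((yoe * 365 + yoe / 4 - yoe / 100 + doy))
    echo $(( (era * 146097 + doe - 719468) * 86400 + H * 3600 + M * 60 + S ))
}

# Constructed sample headers (not captured from a real server).
sample=$(printf 'HTTP/2 200\r\ndate: Sun, 06 Nov 1994 08:49:37 GMT\r\n\r\n' | extract_http_date)
imf_to_epoch "$sample"   # prints 784111777
# To apply (root, GNU date assumed): date -s "@$(imf_to_epoch "$sample")"
```

A value such as `next year`, which GNU `date -s` would accept as a relative date, is rejected here because it does not match the fixed HTTP date format.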