UTC is incorrectly implemented; it does not handle leap seconds
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-control-center (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
util-linux (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
UTC ticks SI seconds in step with TAI (International Atomic Time), but in order to keep in sync with UT1 which is defined by the earth's rotation, UTC is occasionally adjusted. In other words, in order to keep UTC 00:00:00 within a second of midnight at the Prime Meridian, leap seconds are added.
See: https:/
So I tested it.
I booted a live copy of Natty and went for a historic leap second:
date --rfc-3339=seconds -s '2008-12-31 23:59:54+00:00'; hwclock -w
while true; do date --rfc-3339=ns; sleep 0.25; done >> /mnt/time.log
time.log:
2008-12-31 23:59:57.
2008-12-31 23:59:58.
2008-12-31 23:59:58.
2008-12-31 23:59:58.
2008-12-31 23:59:58.
2008-12-31 23:59:59.
2008-12-31 23:59:59.
2008-12-31 23:59:59.
2008-12-31 23:59:59.
2009-01-01 00:00:00.
2009-01-01 00:00:00.
2009-01-01 00:00:00.
2009-01-01 00:00:00.
2009-01-01 00:00:01.
2009-01-01 00:00:01.
2009-01-01 00:00:01.
2009-01-01 00:00:01.
2009-01-01 00:00:02.
2009-01-01 00:00:02.
2009-01-01 00:00:02.
2009-01-01 00:00:02.
2009-01-01 00:00:03.
2009-01-01 00:00:03.
So either there should be a 23:59:60 leap second, or the system timezone should not be called UTC, but the more ambiguous term 'Universal Time'.
I also tried 1998 and 2005. A leap second has been announced for this June 30.
I think that issues with time can potentially cause or trigger serious bugs elsewhere. So I'm marking this as a security vulnerability just-in-case.
description: | updated |
security vulnerability: | yes → no |
security vulnerability: | yes → no |
This makes me wonder if I can maintain a reliable source of TAI on my system.