[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command
mayer at ntp.org
Sat Aug 22 02:52:23 UTC 2009
Harlan Stenn wrote:
> Danny wrote:
>> Even within a root jail you are asking for trouble. The best solution
>> is to configure a write directory within the configuration file and
>> not allow that directory to be changed remotely.
> What is "remotely"?
I mean that you use a text editor to edit the config file rather than
use something like ntpq to change it.
> Only via localhost? Only on a LAN?
> I agree this is a potential problem, and I'd like to get a useful
> determination on its resolution before 4.2.6 is finally released (which
> means we have about 4 weeks' time from after the RC cycle starts, and
> this will likely be as soon as the fix for bug 1243 is ready).
bug #983 is on it's way within the next few days. I just need to
reintegrate it. There are a couple of other bugs that need to get fixed
one of which is building on Windows.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the hackers