[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command

Brian Utterback brian.utterback at sun.com
Sat Aug 22 13:03:45 UTC 2009

Danny Mayer wrote:
> Dave Hart wrote:
>> On Mon, Aug 17, 2009 at 5:09 PM, Brian Utterback wrote:
>>> Why can't it have a full or relative path? Is there a technical reason, or
>>> is it a SMP (Simple Matter of Programming)? It seems like a strange
>>> limitation.
>> Definitely a SMP.  Since it is currently available to anyone without
>> authentication, restricting to a single directory seemed wise.  Once
>> it requires authentication, both the pathname and the
>> non-existent-target restrictions can be removed as far as I know.
> No. This is extremely dangerous. Paths need to be restricted otherwise it
> is a potential attack vector allowing people to overwrite the password
> file, boot file, or anything else, particularly if ntpd is running as
> root. Even within a root jail you are asking for trouble. The best
> solution is to configure a write directory within the configuration file
> and not allow that directory to be changed remotely.

When I asked the question, I didn't understand that the file got 
written by the server. I thought it was written by ntpq.


It's bad civic hygiene to build technologies that could someday be
used to facilitate a police state. - Bruce Schneier
Brian Utterback - Solaris RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
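
The restrictions discussed in this thread (one write directory taken from local configuration, no path in the remotely supplied name, no overwriting of an existing target), as an added C sketch that is not ntpd code and not from any poster. The function names, the 64-byte name limit and the 0600 mode are assumptions made for the illustration.

```c
/* Added example, not ntpd code: names and the 64-byte limit are assumptions. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Accept only a bare file name: non-empty, bounded, no '/', not "." or "..". */
int dump_name_ok(const char *name)
{
    size_t n = name ? strlen(name) : 0;
    if (n == 0 || n > 64 || strchr(name, '/') != NULL)
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Create `name` inside `write_dir`, which comes from local configuration only.
 * Returns a writable fd, or -1 with errno set. */
int open_dump_target(const char *write_dir, const char *name)
{
    int dirfd, fd, saved;
    if (!dump_name_ok(name)) {
        errno = EINVAL;
        return -1;
    }
    dirfd = open(write_dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
    /* O_EXCL never overwrites: an existing file or symlink fails with EEXIST. */
    fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    saved = errno;
    close(dirfd);
    errno = saved;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = argc == 3 ? open_dump_target(argv[1], argv[2]) : -1;
    if (fd < 0) {
        fprintf(stderr, "refused: %s\n", argc == 3 ? strerror(errno) : "usage: WRITE_DIR NAME");
        return 1;
    }
    close(fd);
    return 0;
}
```
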
