[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command

Dave Hart davehart at gmail.com
Mon Aug 24 16:57:43 UTC 2009


On Mon, Aug 24, 2009 at 4:42 PM, Reg Clemens wrote:
>
>> On Mon, Aug 17, 2009 at 5:09 PM, Brian Utterback wrote:
>> Why can't it have a full or relative path?
>
> Isnt the wrong question being asked here?
> The configuration file is small.
> Why should it be written to a file at all?
> Why not just let ntpq write it to standard output, and if the user
> really wants to put it in a file he can capture it.
>
> That solves ALL the security problems of overwriting a file.

Simply because no one has written code to do that.  Personally, I see
this as a total non-issue, because if I'm going to re-use a dumped
configuration, it's going to be used on that same system and I really
don't feel hamstrung that it's not carried over the network for me to
save it back to the same system.  Don't expect me to devote any time
to implementing this solution.  In the meantime, having a mechanism to
dump to a local file only, we need to decide how to handle it.

And no one has answered my question about why we should be concerned
with overwriting a file with ntpq dumpcfg and not concerned about
remote configuration of "logfile" or another directive that can
overwrite security-sensitive files.

Cheers,
Dave Hart


More information about the hackers mailing list