[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command

Danny Mayer mayer at ntp.org
Mon Aug 24 17:35:44 UTC 2009


Brian Utterback wrote:
> 
> 
> Dave Hart wrote:
>> And no one has answered my question about why we should be concerned
>> with overwriting a file with ntpq dumpcfg and not concerned about
>> remote configuration of "logfile" or another directive that can
>> overwrite security-sensitive files.
>>
>> Cheers,
>> Dave Hart
> 
> Indeed we should be concerned.  This was a major thorn in my side during
> the port of NTP v4 to OpenSolaris. It is a feature of SMF that
> configuration changes of a service have different authorization from
> starting and stopping a service, and neither require root access. Thus
> allowing an arbitrary file path to be configured that would then be used
> by a root process for writing is a big security hole.

Agreed. As I said in a previous message, we should be concerned about
the ability to configure it to write to other files and directories.
This includes logging and stats directories and files. In BIND9 we
configure a directory and all file and directory paths are relative to
that. In effect you are chrooting named to that directory. I think we
should do the same thing with ntpd.

Danny



More information about the hackers mailing list