[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command
hmurray at megapathdsl.net
Wed Aug 26 21:08:12 UTC 2009
davehart at gmail.com said:
> And yet, :config has been in ntpd for quite a while without anyone
> suggesting it needs to be crippled to specially reject "logfille" and
> other directives which can cause files to be overwritten.
There are (at least) two ways to interpret that:
1) dumpcfg isn't a problem either.
2) We need to pay more attention to security so we discuss things like
I think there are two types of security issues. (I'm not sure this
distinction is important.)
One is asjusting the time on a system so you can use other attacks on it or
machines that use it for a time server, say by telling it to use some bogus
servers you control. (Lots of other security related protocols depend on
both ends having the same/correct time.)
The other is attacking the system itself, say by overwriting a security
enabling control file or a denial-of-service by writing log files on a file
system that is close to full.
These are my opinions, not necessarily my employer's. I hate spam.
More information about the hackers