[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command

Danny Mayer mayer at ntp.org
Fri Aug 28 02:13:38 UTC 2009

Brian Utterback wrote:
>> How did you resolve it?  Did you disable :config and :config-from-file?
>> Cheers,
>> Dave Hart
> No. There were actually two issues. Since the log file and the debugging
> file were made configurable using the command line option, once issue
> was the ability of someone given config authorization to set the logfile
> to an arbitrary string, potentially having an embedded command which
> would then be executed by the startup script. The other was the issue we
> have been discussing.
> We ultimately deferred the issue since it takes a positive action by
> root to confer the authorizations. The ultimate solution will be to have
> a special non-priv account to run ntpd under. This will solve a lot of
> security issues.

I wish you had brought all this up when you were trying to deal with it.
Maybe we could have taken action earlier. We run ntpd on Windows with a
restricted account with only two privileges since that's all it needs to
run. This is harder on Unix as there are additional requirements and
Unix does not have a lot of privileges that can be granted or withheld
to prevent these kinds of issues.


More information about the hackers mailing list