[ntp:hackers] NTP Development Snapshot 4.2.5p208 Released

Brian Utterback brian.utterback at sun.com
Sun Aug 30 16:45:07 UTC 2009

Really, really. I am being a bit factitious here, in that the current 
set allows overwriting an existing configuration file easily by a 
typo. Overwriting the existing file is something that is highly 
dangerous and probably ought not to be allowed at all and to make it 
so simple to do by mistake is just not a good design.

There are two things to consider that make this doubly dangerous. One, 
ntpq remembers your key entries after they are entered. Two, 
saveconfig does not validate its flags. So, if you are in a ntpq 
session and have already entered the proper key, it will not ask you 
again when you run saveconfig. And if you happen to type

"saveconfig . /conffile"

instead of

"saveconfig ./conffile"

then you have just overwritten the origiunal ntp.conf file.

If you simply have to have this feature, I would prefer that there was 
an "enable confoverwrite" option that could not be changed remotely 
and defaults to disabled.

During testing, I also noticed that the config file that saveconfig 
saves does not include "includefile" directives. This makes it even 
worse, since the resulting config file is not functionally equivalent 
to the existing file.

Dave Hart wrote:
> On Sun, Aug 30, 2009 at 3:49 PM, Brian Utterback wrote:
>> I agree that the ability to change the persistent configuration of NTP
>> on the fly remotely may be useful in some circumstances, but in that
>> case there should be a "Really?", followed by "are you really really
>> sure?", etc.
> Are you really, really sure you don't work for Microsoft?
> Cheers,
> Dave Hart


It's bad civic hygiene to build technologies that could someday be
used to facilitate a police state. - Bruce Schneier
Brian Utterback - Solaris RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom

More information about the hackers mailing list