[ntp:hackers] NTP Development Snapshot 4.2.5p208 Released

Dave Hart davehart at gmail.com
Sun Aug 30 18:48:46 UTC 2009

On Sun, Aug 30, 2009 at 6:15 PM, Brian Utterback wrote:
> Dave Hart wrote:
>> If you have an idea for better validation of arguments, please share.
> Well, the obvious one is to not allow more arguments on the line.

Looking at it from the ntpq side, only the first argument is used.  Of
course, a clever intruder can use a modified ntpq.  On the ntpd side,
the entirety of the parameter is treated as a single filename.  I am
not following what you are suggesting be changed.

>> I am not sure why you'd be trying to write to ntpd's current directory
>> rather than a specified path.  Assuming there's a good reason, why
>> would you include "./" when leaving it off is equivalent?  We could
>> discourage this habit by rejecting saveconfig arguments beginning with
>> "." aside from "." alone.
> How would the user that is unfamiliar know that ./ is not needed? Many
> people just type ./ out of habit when they mean the current directory.

I still fail to see the utility of referencing the ntpd's current
directory.  I believe that will be either its startup current
directory, or if chrooted, the root.  In either case, I expect the
common case for saveconfig to be a root-based path.  In what scenario
do you envision desiring to save to a curdir-relative path?

> If
> you have to have a token that means "the current config file", then  it
> shouldn't include a character that is legal part of a path.

I'm enjoying this conversation so much I regret adding the shortcut,
and certainly if Sun won't ship it, that veto holds and it's gone.
And the world is safe from typos, hooray!

> Furthermore, I notice that while  ntpd will not overwrite existing files, it
> returns that the write succeeded. This doesn't sound wise, since the remote
> admin may think that the current config is written somewhere when it isn't.

My results on Windows are different.  p208 will overwrite a file.
Please verify it is failing to overwrite an existing file.

> The ability to create a file owned by root at any path is not safe. This
> feature needs more work.

Go for it.  I'm fast losing interest.

Dave Hart

More information about the hackers mailing list