[ntp:hackers] NTP Development Snapshot 4.2.5p208 Released
mayer at ntp.org
Mon Sep 7 01:23:35 UTC 2009
Brian Utterback wrote:
> During testing, I also noticed that the config file that saveconfig
> saves does not include "includefile" directives. This makes it even
> worse, since the resulting config file is not functionally equivalent
> to the existing file.
There's a rather obvious flaw in the architecture of saveconfig. The
file already exists and can be reread at any time by ntpd. If you
combine this with remembering all remote configuration commands then it
should be possible to use the deletes to remove items from the file that
has been reread into memory and then the additions added to the end of
the file and then it can be written out. This has the additional benefit
of allowing you to dump the changes and if done right where the requests
came from (at least the IP address).
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the hackers