[ntp:questions] Re: server's address in ntp payload?

Brian Utterback brian.utterback at sun.removeme.com
Wed Nov 23 16:27:49 UTC 2005


Danny Mayer wrote:
> Brian Utterback wrote:

>>Explain to me why it is necessary to bind all the addresses on a system
>>with a UNIX privilege model. I can not see any scenario where it stops
>>any threat for port 123. For ports above 1024, I know of some issues,
>>which is why Solaris added the EXCL_BIND socket option. But as I said,
>>it is a non-issue on UNIX systems for port 123.
>>
> 
> 
> That's not true. Any application in the startup or that gains root
> privilege can potentially bind to port 123 on any address. It's bad to
> make assumptions on what happens to a system under attack or just
> accidentally. I've lost count of the number of times that people end up
> running two copies of ntpd on a system not realising that they are.

That you can start up two NTP processes is a flaw in NTP not a need
to bind all the addresses. NTP could and should detect this even if
only the wildcard address is bound.

Sure, any application that is running as root could bind port 123.
What scenario do you envision where a root process accidentally
binds a specific interface address to port 123 and does not bind
the port to the wildcard address? If you are talking about a deliberate
such binding, then since the process is root, binding all the interfaces
is no protection.

I still see no scenario where binding all the addresses is useful on
UNIX, except to be able to determine the destination address. And of
course, I still do not believe that even this should be necessary.

-- 
blu

"Having them stolen may become our distribution model..."
Nicolas Negroponte on the Hundred Dollar Laptop.
----------------------------------------------------------------------
Brian Utterback - OP/N1 RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
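The binding question argued above, as an added Linux example that is not from this thread or from ntpd: a UDP socket bound only to the wildcard address can still recover each datagram's destination address through IP_PKTINFO (BSDs use IP_RECVDSTADDR instead), and a second socket that tries to bind one specific address on the same port is refused with EADDRINUSE. It uses an ephemeral port instead of 123 so it runs unprivileged; the function names and the "probe" payload are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
/* Bind UDP to the wildcard (port 0 = ephemeral) with IP_PKTINFO on; returns fd or -1. */
int bind_wildcard(uint16_t port, uint16_t *bound_port) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct timeval tv = { 2, 0 };                  /* bound the recvmsg wait */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_ANY) };
    socklen_t len = sizeof sa;
    if (fd < 0) return -1;
    setsockopt(fd, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    if (bind(fd, (struct sockaddr *)&sa, len) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) { close(fd); return -1; }
    *bound_port = ntohs(sa.sin_port);
    return fd;
}
/* A second process binding one specific address (network order) on the same port:
 * returns bind()'s errno (EADDRINUSE expected), or 0 if the kernel allowed it. */
int try_bind_specific(in_addr_t ip, uint16_t port) {
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = ip };
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ? errno : 0;
    close(fd);
    return rc;
}
/* Send a constructed datagram to ip:port, receive it on the wildcard socket fd,
 * and recover the destination address the kernel reports. Returns 0 on success. */
int recv_with_dst(int fd, in_addr_t ip, uint16_t port, struct in_addr *dst) {
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in to = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = ip };
    char buf[64], cbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
    struct iovec iov = { buf, sizeof buf };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    ssize_t sent = sendto(tx, "probe", 5, 0, (struct sockaddr *)&to, sizeof to);
    close(tx);
    if (sent < 0 || recvmsg(fd, &msg, 0) < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_PKTINFO) {
            *dst = ((struct in_pktinfo *)CMSG_DATA(c))->ipi_addr;   /* header destination */
            return 0;
        }
    return -1;
}
```

Run as an ordinary user; the wildcard socket receives the loopback datagram and still learns that 127.0.0.1 was the address it was sent to.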
