[ntp:questions] NTP internal server?
uwe_klein_habertwedt at t-online.de
Mon Oct 30 09:17:02 UTC 2006
Harlan Stenn wrote:
>>>>In article <4544ed4b$0$331$e4fe514c at news.xs4all.nl>, "Maarten Wiltink" <maarten at kittensandcats.net> writes:
>>>All right, there are, or were, fifteen reported exploits. None is dated
>>>more recently than 2004 and some seem to be complaining about ten year
>>>old software distributed by companies such as Sun, Redhat, Debian, etc.
> Maarten> Still distributed right now, yes. For all those people who aren't
> Maarten> allowed to run something not backed by RFCs, and then come here
> Maarten> with questions about something called xntp. Sound familiar?
> What's your point? I don't see how what you just said applies to the
> Maarten> I will work on the assumption that there are exploits in the
> Maarten> current NTP until you _prove_ to me it's safe, and I'm not holding
> Maarten> my breath.
> Are you volunteering to perform or pay for a code audit?
Should one try to shove ntpq sources to coverity?
They do a "for free" scan for a bunch of OSS ( of varying licenses ) stuff
like Python, perl, tcl*, apache, linux-kernel, some of the bsds.
* we found some usefull things that way and had some false positives. ymmv
More information about the questions