[ntp:questions] NTP internal server?

Uwe Klein uwe_klein_habertwedt at t-online.de
Mon Oct 30 09:17:02 UTC 2006


Harlan Stenn wrote:
>>>>In article <4544ed4b$0$331$e4fe514c at news.xs4all.nl>, "Maarten Wiltink" <maarten at kittensandcats.net> writes:
> 
> 
>>>All right, there are, or were, fifteen reported exploits.  None is dated
>>>more recently than 2004 and some seem to be complaining about ten year
>>>old software distributed by companies such as Sun, Redhat, Debian, etc.
> 
> 
> Maarten> Still distributed right now, yes. For all those people who aren't
> Maarten> allowed to run something not backed by RFCs, and then come here
> Maarten> with questions about something called xntp. Sound familiar?
> 
> What's your point?  I don't see how what you just said applies to the
> thread.
> 
> Maarten> I will work on the assumption that there are exploits in the
> Maarten> current NTP until you _prove_ to me it's safe, and I'm not holding
> Maarten> my breath.
> 
> Are you volunteering to perform or pay for a code audit?
> 
> H
Should one try to shove ntpq sources to coverity?
They do a "for free"  scan for a bunch of OSS ( of varying licenses ) stuff
like Python, perl, tcl*, apache, linux-kernel, some of the bsds.

* we found some usefull things that way and had some false positives. ymmv

uwe





More information about the questions mailing list