[ntp:questions] NTP internal server?

Uwe Klein uwe_klein_habertwedt at t-online.de
Mon Oct 30 20:02:11 UTC 2006


Richard B. Gilbert wrote:
> Hal Murray wrote:
> 
>>> Old vulnerabilities that have been fixed are not a problem of much 
>>> concern to me.  I run a recent version of ntpd that does not exhibit 
>>> these vulnerabilities.  If people chose, for whatever reason, to run 
>>> a ten year old version of ntpd they must accept the associated risks 
>>> and inferior performance.  Since the modern, improved and fixed 
>>> version is freely available to all I don't see any reason why anyone 
>>> who needs NTP and is concerned about security should not run it.
>>
>>
>>
>> How about:
>>   If it ain't broke, don't fix it.
>>
>> Lots of people get their version of (x)ntp from their hardware
>> vendor.  Most of them are not time geeks, they just need something
>> that's good enough.  They depend on their vendor to fix security
>> problems in packages like ntp.
>>
> 
> Perhaps the vendors do fix security problems.  If so, the simplest 
> approach, for most, would be to grab an up to date copy of the reference 
> implementation, build it, and distribute it.   Clearly most vendors do 
> not do this!  In the case of OpenVMS it is understandable since the 
> reference implementation contains enough "Unixisms" that it will not 
> build on VMS (I've tried).  For Solaris and Linux the build should be 
> straightforward.  I expect that the build for AIX and HP-UX should also 
> be straightforward.
Suse forex ( as of 9.1 through 10.1 ) are still based in ntp-stable-4.2.0a-20050816.tar.bz2
with a plethora of patches. :
-rw-r--r-- 1 root root     187 2006-01-26 11:22 conf.logrotate.ntp
-rw-r--r-- 1 root root    2023 2006-01-26 11:22 conf.ntp.conf
-rw-r--r-- 1 root root    6326 2006-01-26 11:22 conf.ntp.init
-rw-r--r-- 1 root root     310 2006-01-26 11:22 conf.ntp.reg
-rw-r--r-- 1 root root    2543 2006-01-26 11:22 conf.sysconfig.ntp
-rw-r--r-- 1 root root     430 2006-01-26 11:22 conf.sysconfig.syslog-ntp
-rw-r--r-- 1 root root     251 2006-06-29 14:30 NetworkManager-ntp
-rw-r--r-- 1 root root     519 2006-01-26 11:22 ntp.1.gz
-rw-r--r-- 1 root root     327 2006-01-26 11:22 ntp-4.1.1.SuSE-Config.diff
-rw-r--r-- 1 root root    6949 2006-01-26 11:22 ntp-4.2.0a-no_ipv6_stack.diff
-rw-r--r-- 1 root root    1532 2006-01-26 11:22 ntp-4.2.0.ntpdate_overflow.diff
-rw-r--r-- 1 root root   23909 2006-01-26 11:22 ntp-4.2.0-rh-manpages.tar.gz
-rw-r--r-- 1 root root   25894 2006-01-26 11:22 ntp-codecleanup.patch
-rw-r--r-- 1 root root     406 2006-01-26 11:22 ntpd-maxmonmen.patch
-rw-r--r-- 1 root root    1635 2006-01-26 11:22 ntpd-using_wrong_group.diff
-rw-r--r-- 1 root root  271146 2004-03-05 18:35 NTP-FAQ-3.4.tar.bz2
-rw-r--r-- 1 root root     780 2006-01-26 11:22 ntp-linuxcaps.diff
-rw-r--r-- 1 root root    2273 2006-01-26 11:22 ntp-manpages.patch
-rw-r--r-- 1 root root    1995 2006-01-26 11:22 ntp-ntptrace_doc.diff
-rw-r--r-- 1 root root     243 2006-01-26 11:22 ntp-ntptrace_sbinpath.diff
-rw-r--r-- 1 root root     292 2006-01-26 11:22 ntp-segfault_on_invalid_device.d
iff
-rw-r--r-- 1 root root     634 2006-01-26 11:22 ntp-stable-4.2.0a-20050816-locon
ly.patch
-rw-r--r-- 1 root root 2112658 2006-01-26 11:22 ntp-stable-4.2.0a-20050816.tar.b
z2
-rw-r--r-- 1 root root     521 2006-01-26 11:22 README.SUSE
-rw-r--r-- 1 root root     756 2006-01-26 11:22 xntp-lib64.patch
-rw-r--r-- 1 root root     670 2006-01-26 11:22 xntp-posix_options.diff

uwe




More information about the questions mailing list