[ntp:questions] ntpdate.c unsafe buffer write

Serge Bets serge.bets at NOSPAM.laposte.invalid
Wed Feb 13 00:56:23 UTC 2008


Hello David,

 On Tuesday, February 12, 2008 at 15:04:45 +0000, David L. Mills wrote:

> Serge Bets wrote:
>> ntpd -q can make use of the driftfile to set the kernel frequency
> That was removed as a significant security hazard.

Why exactly?


> If you want to rxplicitly set the frequency, use ntptime -f.

Sure: I can preset the frequency by hand. But not setting the frequency
is not a sensible option: it's required for good ntpq -q operations,
otherwise slews don't end on the zero.


> Ths scheme is designed so you can run ntpd until the kernel frequency
> has stabilized, then kill ntpd and run SNTP client at regular
> intervals.

There is no obstacle to that. When ntpd quits, the kernel runs on the
last computed frequency. Without driftfile, ntpd -q runs above this
frequency. With a driftfile, ntpd -q could even run above this frequency
after a reboot.

The obstacle if one existed would be a frequency reset to zero at
startup, like done by loop_config(LOOP_DRIFTINIT). Fortunately this
doesn't happen in mode_ntpdate (the -q flag).


Serge.
-- 
Serge point Bets arobase laposte point net




More information about the questions mailing list