[ntp:security] Re: Concerning a possible bug in the 'ntp' package

Harlan Stenn stenn at ntp.isc.org
Fri Sep 2 00:14:43 UTC 2005


Danny,

> Well in this instance, ntpd is opening the file for write, thereby 
> overwriting any original contents so it does not matter what an attacker 
> may have written into it.

The point is also that an attacker can point the temp file at some other
file, and when we write to it we wipe it out.  Also bad.

H


More information about the security mailing list