[ntp:security] [Bug 527] ntpd frequently crashes on Windows systems

Martin Burnicki via the NTP Bugzilla bugzilla at ntp.isc.org
Fri May 25 02:23:50 PDT 2007


Additional Comments From burnicki at ntp.org (Martin Burnicki)
Submitted on 2007-05-25 09:23

I've just tested the latest stable version, and it seems indeed like the bug 
has been fixed. Congratulations, Danny!

While the latest stable version without Danny's patch trapped as usual 
immediately under load, the version with the patch ran for more than 15 minutes 
under full load without problems.

(In reply to comment #37)
> Martin, please check ntp-stable and mark this bug as VERIFIED or REOPENED, as
> appropriate.  I still need to pull this change into -dev.

Shouldn't we check also ntp-dev, just to be sure, before we mark this as 
> When can we remove the "security" restriction on this bug?

I think we can remove this now. It's only related to Windows, and I doubt there 
are many Windows versions out there which can be compromised.

> With this fix, is it OK to roll a recent -stable for the prebuilt windows
> distribution?

Yet I've normally been working and testing with the -dev version. I'd prefer to 
do some more testing with the stable branch before we publish a new 
distribution for Windows. 

While the GUI installer has been downloaded more than 28000 time last year, we 
have already had more than 15000 downloads this year. It has now been such a 
long time until we could make a new Windows distribution, so we should not just 
rush now but make sure the next distribution works fine.

For example, when I try to stop the ntpd service built from the current -stable 
code then it cannot be stopped and I have to reboot to remove ntpd from memory. 

I have not yet checked which of the patches for -dev should also be pulled into 
-stable to fix this, but maybe it would be better to wait until the current 
-dev becomes the next -stable.


Martin Burnicki <burnicki at ntp.org>

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the security mailing list