[ntp:security] [Bug 1149] Windows ntpd should secure UDP 123 with SO_EXCLUSIVEADDRUSE
Dave Hart via the NTP Bugzilla
bugzilla at ntp.org
Tue Apr 7 02:45:31 UTC 2009
http://bugs.ntp.org/1149
----------------------------------------------------------------------------
Additional Comments From hart at ntp.org (Dave Hart)
Submitted on 2009-04-07 02:45
The security issue comes not from friendly programs accidentally run at the
same time, but unfriendly programs specifically trying to take away or share
nondeterministically access to UDP 123.
I have updated both repositories after discovering the first attempt didn't
work on ntp-dev because callers to open_socket are passing 0 instead of
interface->flags for the flags parameter. This meant the code that worked on -
stable to not set SO_EXCLUSIVEADDRUSE on the wildcard socket was broken on dev.
pogo:~hart/ntp-stable-1149
pogo:~hart/ntp-dev-1149
--
Dave Hart <hart at ntp.org>
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the security
mailing list