[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem

Harlan Stenn via the NTP Bugzilla bugzilla at ntp.org
Sat Sep 12 00:21:29 UTC 2009


http://bugs.ntp.org/1300



----------------------------------------------------------------------------
Additional Comments From stenn at ntp.org (Harlan Stenn)
Submitted on 2009-09-12 00:21

Subject: savecfg allows writes to any part of the filesystem 

At some point we'll probably need to separate the "what to do about
saveconfig" and these other issues.

I do like the list that Brian posted, and I think we should work on
discussing and implementing something.

I'm fine with Brian's suggestion of requiring explicit action to enable
the saveconfig stuff for now, and if we can resolve this before 4.2.6 is
released so much the better.

I believe support.ntp.org is up and running again - some folks may need
to reset their passwords.

-- 
Harlan Stenn <stenn at ntp.org>
http://ntpforum.isc.org  - be a member!




