[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem

Dave Hart via the NTP Bugzilla bugzilla at ntp.org
Sat Sep 12 01:52:44 UTC 2009


http://bugs.ntp.org/1300



----------------------------------------------------------------------------
Additional Comments From hart at ntp.org (Dave Hart)
Submitted on 2009-09-12 01:52

Excuse me, I was thinking incorrectly that saveconfig is exposed via the 
:config/config-from-file, so I should have said while you're making saveconfig 
opt-in, make sure you also make :config/config-from-file opt-in.

Otherwise we're just fooling ourselves.  Example:

ntpq>:config enable stats
ntpq>:config statsdir /
ntpq>:config filegen loopstats type none file kernel

say goodbye to /kernel

-- 
Dave Hart <hart at ntp.org>



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


More information about the security mailing list