[ntp:security] [Bug 1300] savecfg allows writes to any part of the filesystem

Brian Utterback via the NTP Bugzilla bugzilla at ntp.org
Sat Sep 12 02:20:45 UTC 2009


http://bugs.ntp.org/1300



----------------------------------------------------------------------------
Additional Comments From brian.utterback at sun.com (Brian Utterback)
Submitted on 2009-09-12 02:20

Believe me, that series of commands had indeed occurred to both Danny and me. We 
thought of some ways to deal with that as well, but I personally feel that 
saveconfig is even worse because it is immediate and takes a full file path. 
The above takes three commands, and will do the damage sometime later. Plus, I 
don't think most people even realize that you can specify a file name like 
that in the filegen command. But it doesn't take much imagination to realize 
that if you give a full file path to saveconfig you can seriously brickify the 
system. 

That having been said, I do agree that config is also unsafe. That is why we 
need to deal with the levels of authorization as I said above. So, it would be 
fine with me if you want to disable config as well until this is sorted out.

-- 
Brian Utterback <brian.utterback at sun.com>


