[ntp:security] [Bug 1300] reject remote configuration of dangerous items

Dave Hart via the NTP Bugzilla bugzilla at ntp.org
Sat Sep 19 13:20:35 UTC 2009


http://bugs.ntp.org/1300


hart at ntp.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|stenn at ntp.org               |hart at ntp.org
            Summary|savecfg allows writes to any|reject remote configuration
                   |part of the filesystem      |of dangerous items


----------------------------------------------------------------------------
Additional Comments From hart at ntp.org (Dave Hart)
Submitted on 2009-09-19 13:20

In the interest of getting the first 4.2.6 release candidate rolling, I'm 
working on a limited set of changes that should prevent the remote file 
modifications identified as dangerous.  This is not to say Brian's scheme is not 
worthwhile, but it requires more pervasive changes than I feel comfortable with 
this close to a release.

I am implementing code in the parser to reject remote use of these directives:

enable stats
filegen
logfile
saveconfigdir

The last is a new directive specifying the sole directory saveconfig will write 
to, defaulting to nothing.  saveconfig will be rejected if there was no 
saveconfigdir specified in the startup ntp.conf, effectively disabling the 
mechanism by default without requiring a rebuild to enable it.

Please note I do not claim to be a competent Unix administrator, let alone 
security expert.  I am simply attempting to close the holes identified so far.

-- 
Dave Hart <hart at ntp.org>



------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


More information about the security mailing list