[ntp:security] [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Oct 13 19:29:20 UTC 2015


http://bugs.ntp.org/show_bug.cgi?id=2938

Danny Mayer <mayer at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mayer at ntp.org

--- Comment #2 from Danny Mayer <mayer at ntp.org> 2015-10-13 19:29:20 UTC ---
(In reply to comment #1)
> File names for 'savevonfig' must match the regular expression
> 
>    [_A-Za-z0-9][-+._A-Za-z0-9]*
> 
> to be accepted. This blocks globbing bombs, path traversal and drive selection
> (Windows,VMS); while eliminating file names that are valid for a given platform
> the permitted subset should be safe to use everywhere.
> 

If the ntp.conf file is /etc/ntp.conf then this fix can potentially overwrite
/etc/password. Should we be checking if it would overwrite a file and prevent
that from happening?

Danny

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list