[ntp:security] [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Tue Oct 13 19:29:20 UTC 2015


Danny Mayer <mayer at ntp.org> changed:

           What    |Removed                     |Added
                 CC|                            |mayer at ntp.org

--- Comment #2 from Danny Mayer <mayer at ntp.org> 2015-10-13 19:29:20 UTC ---
(In reply to comment #1)
> File names for 'saveconfig' must match the regular expression
>    [_A-Za-z0-9][-+._A-Za-z0-9]*
> to be accepted. This blocks globbing bombs, path traversal and drive selection
> (Windows,VMS); while eliminating file names that are valid for a given platform
> the permitted subset should be safe to use everywhere.

If the ntp.conf file is /etc/ntp.conf then this fix can potentially overwrite
/etc/password. Should we be checking if it would overwrite a file and prevent
that from happening?
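
The two checks discussed in this thread, as an added example that is not part of the original message or of the NTP code base: the quoted name pattern, plus an exclusive create that refuses to replace an existing file. The function names and the `dir` parameter are hypothetical, and the sample names are constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Characters allowed by the pattern quoted in comment #1. */
#define FIRST_OK "_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
#define REST_OK  FIRST_OK "-+."

/* 1 if name matches [_A-Za-z0-9][-+._A-Za-z0-9]* in full, else 0. */
int savename_ok(const char *name)
{
    if (name == NULL || name[0] == '\0' || strchr(FIRST_OK, name[0]) == NULL)
        return 0;
    return name[strspn(name, REST_OK)] == '\0';
}

/*
 * Create name inside dir for writing. Hypothetical helper: dir stands for
 * whatever directory the daemon saves into. O_EXCL makes the "does it
 * exist?" test and the creation one atomic step, so an existing file
 * (or a symlink in the final component) yields -1/EEXIST, not truncation.
 */
int open_save_file(const char *dir, const char *name)
{
    char path[4096];
    int n;

    if (!savename_ok(name)) {
        errno = EINVAL;
        return -1;
    }
    n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
}

int main(void)
{
    /* Constructed sample names, not taken from the bug report. */
    const char *samples[] = { "ntp.conf.bak", "passwd", "../passwd", "*.conf", "C:x" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s %s\n", samples[i], savename_ok(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

The pattern alone accepts a name such as `passwd`, so only the exclusive create keeps a save from replacing a file that already sits in the target directory.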

