[ntp:hackers] 4.2.5p203 adds ntpq dumpcfg command
Brian Utterback
brian.utterback at sun.com
Mon Aug 24 17:23:16 UTC 2009
Dave Hart wrote:
> And no one has answered my question about why we should be concerned
> with overwriting a file with ntpq dumpcfg and not concerned about
> remote configuration of "logfile" or another directive that can
> overwrite security-sensitive files.
>
> Cheers,
> Dave Hart
Indeed we should be concerned. This was a major thorn in my side
during the port of NTP v4 to OpenSolaris. It is a feature of SMF that
configuration changes of a service have different authorization from
starting and stopping a service, and neither require root access. Thus
allowing an arbitrary file path to be configured that would then be
used by a root process for writing is a big security hole.
--
blu
It's bad civic hygiene to build technologies that could someday be
used to facilitate a police state. - Bruce Schneier
----------------------------------------------------------------------
Brian Utterback - Solaris RPE, Sun Microsystems, Inc.
Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
More information about the hackers
mailing list