Date: Fri, 06 Apr 2001 20:30:24 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: bmah@FreeBSD.org Cc: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, jedgar@FreeBSD.org (Chris D. Faulhaber), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/contrib/ntp/ntpd ntp_control.c Message-ID: <42985.986581824@critter> In-Reply-To: Your message of "Fri, 06 Apr 2001 11:14:29 PDT." <200104061814.f36IETo67718@bmah-freebsd-0.cisco.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200104061814.f36IETo67718@bmah-freebsd-0.cisco.com>, "Bruce A. Mah" writes: >--==_Exmh_1653959243P >Content-Type: text/plain; charset=us-ascii > >If memory serves me right, "Rodney W. Grimes" wrote: >> MFC??? phk's broken fixes as immediately mfc'ed, why has this not >> been? Especially the other commit to fix the DOS due to logging >> a bazillion messages when someone hits the snot out of you with >> bad ntp packets... > >Maybe because phk felt more comfortable, under the circumstances, doing >an immediate MFC without prior approval? Please remember that RELENG_4 >is still in code-freeze. A few minutes before I went to commit I received the WindRivers announcement, so I figured that Jordan was offline at that time, I also had discussed the issue with security-officer@ so I felt that sufficient urgency was indeed at hand to do the iMFC thing. I'm sorry my patch wasn't perfect, it was intended as a stopgap only, and I think it fulfilled that role. As others have pointed out, the entire file has numerous dubious fragments of code which should be scrutinized. As much as I love to tinker with NTP, I seriously hate some bits of its source code, ntp_control.c is one of the files I hate... I hate even more for such an exploit to be released in public with no warning, and even more so when it comes at a time where I have negative time available on my schedule :-( -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42985.986581824>