Message-ID: <52D543B4.8090700@grosbein.net>
Date: Tue, 14 Jan 2014 21:03:32 +0700
From: Eugene Grosbein
To: Dag-Erling Smørgrav
Subject: Re: UNS: Re: NTP security hole CVE-2013-5211?
Cc: freebsd-security@freebsd.org, Palle Girgensohn, Garrett Wollman

On 14.01.2014 20:11, Dag-Erling Smørgrav wrote:
> Garrett Wollman writes:
>> For a "pure" client, I would suggest "restrict default ignore" ought
>> to be the norm. (Followed by entries to unrestrict localhost over v4
>> and v6.)
>
> Pure clients shouldn't use ntpd(8). They should use sntp(8) or a
> lightweight NTP client like ttsntpd.

$ man sntp
No manual entry for sntp
$ whereis sntp
sntp: /usr/sbin/sntp

That's the first time I see a reference to sntp(8) for FreeBSD
while using it since 2.2.5-RELEASE. Is it documented somewhere?

Eugene Grosbein