From: "Matthew X. Economou"
Date: Fri, 29 Apr 2016 11:47:51 -0400
Subject: RE: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

Roger Marquis writes:
>
> What are the reasons FreeBSD has not deprecated ntpd in favor of
> openntpd?

While I cannot speak for anyone other than myself, the two simply aren't equivalent. As a conscious design choice, OpenNTPD trades off accuracy for code simplicity. It lacks support for NTP authentication, access controls, reference clocks, multicast/broadcast operation, or any kind of monitoring/reporting. OpenNTPD is probably closer to rdate than ntpd in terms of their relative capabilities.

I'd rather we keep ntpd in base as a consequence. The only change I'd suggest would be to alter the default configuration such that all unauthorized access were blocked (i.e., set "restrict default ignore" and "restrict -6 default ignore").

Best wishes,
Matthew

-- 
"The lyf so short, the craft so longe to lerne."
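
An added example, not part of the original message and not FreeBSD's shipped configuration: a small Python audit that checks an ntp.conf for the two default-deny lines named above and for the per-source exception ntpd then needs, since "restrict default ignore" also drops replies from configured servers that have no "restrict" line of their own. The sample configurations, the address 192.0.2.10 and the function names are constructed for illustration, and an unqualified "restrict default" is counted as IPv4 only, as an assumption, so that both lines from the message are required.

```python
# Constructed sample configurations; 192.0.2.10 is a documentation address.
PERMISSIVE = """\
server 192.0.2.10 iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
"""
LOCKED_DOWN = """\
server 192.0.2.10 iburst
restrict default ignore
restrict -6 default ignore
restrict 192.0.2.10 nomodify notrap noquery   # exception for the time source
restrict 127.0.0.1
restrict -6 ::1
"""

def parse(conf_text):
    """Return ({(family, address): flags}, [time sources]) from ntp.conf text."""
    rules, sources = {}, []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2:
            continue
        if tokens[0] in ("server", "peer"):
            host = [t for t in tokens[1:] if t not in ("-4", "-6")]
            sources += host[:1]
        elif tokens[0] == "restrict":
            args = tokens[1:]
            family = "-4"  # assumption: an unqualified rule is counted as IPv4
            if args[0] in ("-4", "-6"):
                family, args = args[0], args[1:]
            if not args:
                continue
            flags = args[1:]
            if flags[:1] == ["mask"]:
                flags = flags[2:]  # skip "mask <netmask>"
            rules[(family, args[0])] = set(flags)
    return rules, sources

def audit(conf_text):
    """List deviations from the default-deny policy suggested in the message."""
    rules, sources = parse(conf_text)
    findings = []
    for family in ("-4", "-6"):
        flags = rules.get((family, "default"))
        if flags is None or "ignore" not in flags:
            findings.append(f"{family}: default restriction is not 'ignore'")
    if len(findings) < 2:  # at least one family is default-deny
        for src in sources:  # literal match only; names are not resolved
            opened = [f for (_, addr), f in rules.items() if addr == src]
            if not any("ignore" not in f for f in opened):
                findings.append(f"{src}: time source has no restrict exception")
    return findings
```

Calling `audit()` on the text of a real configuration file returns an empty list when both defaults are "ignore" and every listed source has its own exception.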