Date: Tue, 14 Jan 2014 08:40:01 -0700 (MST) From: Warren Block <wblock@wonkity.com> To: Eugene Grosbein <eugen@grosbein.net> Cc: =?ISO-8859-15?Q?Dag-Erling_Sm=F8rgrav?= <des@des.no>, Palle Girgensohn <girgen@FreeBSD.org>, Garrett Wollman <wollman@bimajority.org>, freebsd-security@freebsd.org Subject: Re: UNS: Re: NTP security hole CVE-2013-5211? Message-ID: <alpine.BSF.2.00.1401140839260.96143@wonkity.com> In-Reply-To: <52D543B4.8090700@grosbein.net> References: <B0F3AA0A-2D23-424B-8A79-817CD2EBB277@FreeBSD.org> <52CEAD69.6090000@grosbein.net> <21199.26019.698585.355699@hergotha.csail.mit.edu> <868uuid7y3.fsf@nine.des.no> <52D543B4.8090700@grosbein.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 14 Jan 2014, Eugene Grosbein wrote: > On 14.01.2014 20:11, Dag-Erling Smørgrav wrote: >> Garrett Wollman <wollman@bimajority.org> writes: >>> For a "pure" client, I would suggest "restrict default ignore" ought >>> to be the norm. (Followed by entries to unrestrict localhost over v4 >>> and v6.) >> >> Pure clients shouldn't use ntpd(8). They should use sntp(8) or a >> lightweight NTP client like ttsntpd. > > $ man sntp > No manual entry for sntp > $ whereis sntp > sntp: /usr/sbin/sntp > > That's first time I see a reference to sntp(8) for FreeBSD > while using it since 2.2.5-RELEASE. > > Is it documented somewhere? sntp.1 is in contrib/ntp/sntp/, but it's never installed. From owner-freebsd-security@FreeBSD.ORG Tue Jan 14 19:11:00 2014 Return-Path: <owner-freebsd-security@FreeBSD.ORG> Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A49B536C; Tue, 14 Jan 2014 19:11:00 +0000 (UTC) Received: from keltia.net (aran.keltia.net [88.191.250.24]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 6562215BC; Tue, 14 Jan 2014 19:10:59 +0000 (UTC) Received: from [192.168.1.18] (foret.keltia.net [78.232.116.160]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: roberto) by keltia.net (Postfix) with ESMTPSA id 0AB5A52B2; Tue, 14 Jan 2014 20:11:04 +0100 (CET) From: "Ollivier Robert" <roberto@keltia.net> To: "Karl Pielorz" <kpielorz_lst@tdx.co.uk> Subject: Re: ntpd 4.2.4p8 - up to date? Date: Tue, 14 Jan 2014 20:10:55 +0100 Message-ID: <47C93A3E-7DFE-4093-BB31-3F3C67E5FED3@keltia.net> In-Reply-To: <F148DAE409EE1AAB9AA06D6C@study64.tdx.co.uk> References: <7403C046ABF387E5061BC441@Mail-PC.tdx.co.uk> <CAFHbX1LAcE4c_E5J4pdny0hkz=GTPghmsB0kRuTDQdP9S8PCHg@mail.gmail.com> <E520736B-8D62-4A97-AFFD-14F44B1CC290@FreeBSD.org> <F148DAE409EE1AAB9AA06D6C@study64.tdx.co.uk> MIME-Version: 1.0 Content-Type: text/plain; format=flowed X-Mailer: MailMate Trial (1.7.2r3905) X-Mailman-Approved-At: Tue, 14 Jan 2014 19:25:20 +0000 Cc: freebsd-security@freebsd.org, Dimitry Andric <dim@FreeBSD.org> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" <freebsd-security.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>; List-Post: <mailto:freebsd-security@freebsd.org> List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, <mailto:freebsd-security-request@freebsd.org?subject=subscribe> X-List-Received-Date: Tue, 14 Jan 2014 19:11:00 -0000 On 2 Nov 2013, at 20:24, Karl Pielorz wrote: > So as I'd kind of guessed - it's not really vanilla 4.2.4p8 that it's > running, it's based on 4.2.4p8 with additional patches that have been > applied by FreeBSD, to address the applicable notifications? Yes.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1401140839260.96143>