Date: Tue, 23 Dec 2014 14:18:25 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Joe Malcolm <jmalcolm@uraeus.com> Cc: freebsd-security@freebsd.org, Robert Simmons <rsimmons0@gmail.com>, Winfried Neessen <neessen@cleverbridge.com> Subject: Re: ntpd vulnerabilities Message-ID: <86oaquy066.fsf@nine.des.no> In-Reply-To: <21657.26902.156000.609968@neoshoggoth.uraeus.com> (Joe Malcolm's message of "Tue, 23 Dec 2014 13:07:34 %2B0000") References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> <86a92fzmls.fsf@nine.des.no> <CA%2BQLa9Du5dZbF-FzEX6Z5cA4m=rTo%2BZiEgzuKN5f8xquVExwXg@mail.gmail.com> <21656.46224.764659.252388@neoshoggoth.uraeus.com> <86sig6yd63.fsf@nine.des.no> <21657.26902.156000.609968@neoshoggoth.uraeus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Joe Malcolm <jmalcolm@uraeus.com> writes: > Dag-Erling Sm=C3=B8rgrav <des@des.no> writes: > > These work on a "last match" basis. The latter three lines lift all > > restrictions for localhost, so you can still "ntpq -pn" your own > > server, but nobody else can. > Thanks. So, if I understand correctly, the shipped config is > vulnerable to local (same-host) attackers, not remote ones. Broadly, yes. Restricting requests from localhost makes it impossible to monitor your own server, because ntpdc and ntpq talk to ntpd over UDP to localhost rather than a Unix socket, which could be protected by file permissions. Implementing a Unix socket for ntpdc / ntpq is left as an exercise to the reader. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86oaquy066.fsf>