Date: Thu, 9 Aug 2001 18:44:59 -0700 (PDT) From: Lamont Granquist <lamont@scriptkiddie.org> To: "'freebsd-stable@freebsd.org'" <freebsd-stable@FreeBSD.ORG> Subject: Re: NTPD in upcoming release? Message-ID: <20010809184147.H14792-100000@coredump.scriptkiddie.org> In-Reply-To: <20010809184004.B19892@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Is 5.0 going to let ntpd run without root permissions? Having ntpd running as root scares the living fuck out of me since it lends itself to attacks involving single packets and spoofed source addresses (and in particular spoofing the tier 1 and 2 time daemon source addresses to bypass firewall rules). On Thu, 9 Aug 2001, Kris Kennaway wrote: > On Fri, Aug 10, 2001 at 02:34:25AM +0200, Schmalzbauer, Harald wrote: > > Hello timedependent friends, > > > > I wonder if ntpd 4.0.99b gets replaced with ntpd4.1 in 4.4-release? > > Probably not, since we're already in code freeze. > > > I can remember that there was a vulnerability in ntpd which came with > > 4.3-release. I'm tracking -stable and I think I remember that malicious code > > was replaced but ntpd itself is still reporting version 4.099b. > > Yes, it was fixed a day or so after the vulnerability was first made > known to us. > > > Sorry for that stupid question, but at the moment I don't have a spare > > machine on which I could test this. Btw: Am I right that IPFilter 3.4.20 is > > merged? And what about I4B 1.0? > > Check the release notes. > > Kris > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010809184147.H14792-100000>