From owner-freebsd-stable Thu Aug 9 18:44:52 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from warez.scriptkiddie.org (uswest-dsl-142-38.cortland.com [209.162.142.38])
    by hub.freebsd.org (Postfix) with ESMTP id 9C78737B401
    for ; Thu, 9 Aug 2001 18:44:45 -0700 (PDT)
    (envelope-from lamont@scriptkiddie.org)
Received: from [192.168.69.11] (unknown [192.168.69.11])
    by warez.scriptkiddie.org (Postfix) with ESMTP id 5BDF662D01
    for ; Thu, 9 Aug 2001 18:44:42 -0700 (PDT)
Date: Thu, 9 Aug 2001 18:44:59 -0700 (PDT)
From: Lamont Granquist
To: "'freebsd-stable@freebsd.org'"
Subject: Re: NTPD in upcoming release?
In-Reply-To: <20010809184004.B19892@xor.obsecurity.org>
Message-ID: <20010809184147.H14792-100000@coredump.scriptkiddie.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Is 5.0 going to let ntpd run without root permissions? Having ntpd
running as root scares the living fuck out of me since it lends itself to
attacks involving single packets and spoofed source addresses (and in
particular spoofing the tier 1 and 2 time daemon source addresses to
bypass firewall rules).

On Thu, 9 Aug 2001, Kris Kennaway wrote:

> On Fri, Aug 10, 2001 at 02:34:25AM +0200, Schmalzbauer, Harald wrote:
> > Hello timedependent friends,
> >
> > I wonder if ntpd 4.0.99b gets replaced with ntpd4.1 in 4.4-release?
>
> Probably not, since we're already in code freeze.
>
> > I can remember that there was a vulnerability in ntpd which came with
> > 4.3-release. I'm tracking -stable and I think I remember that malicious code
> > was replaced but ntpd itself is still reporting version 4.099b.
>
> Yes, it was fixed a day or so after the vulnerability was first made
> known to us.
>
> > Sorry for that stupid question, but at the moment I don't have a spare
> > machine on which I could test this. Btw: Am I right that IPFilter 3.4.20 is
> > merged? And what about I4B 1.0?
>
> Check the release notes.
>
> Kris
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message