Date: Tue, 23 Dec 2014 13:07:34 +0000 From: Joe Malcolm <jmalcolm@uraeus.com> To: Dag-Erling Smørgrav <des@des.no> Cc: Joe Malcolm <jmalcolm@uraeus.com>, freebsd-security@freebsd.org, Robert Simmons <rsimmons0@gmail.com>, Winfried Neessen <neessen@cleverbridge.com> Subject: Re: ntpd vulnerabilities Message-ID: <21657.26902.156000.609968@neoshoggoth.uraeus.com> In-Reply-To: <86sig6yd63.fsf@nine.des.no> References: <252350272.1812596.1419241828431.JavaMail.zimbra@cleverbridge.com> <86a92fzmls.fsf@nine.des.no> <CA%2BQLa9Du5dZbF-FzEX6Z5cA4m=rTo%2BZiEgzuKN5f8xquVExwXg@mail.gmail.com> <21656.46224.764659.252388@neoshoggoth.uraeus.com> <86sig6yd63.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Dag-Erling Sm=C3=B8rgrav writes: >Joe Malcolm <jmalcolm@uraeus.com> writes: >> I'm no expert on ntp.conf, but this appears in my ntp.conf on one of= >> my FreeBSD systems: >> >> restrict default kod nomodify notrap nopeer noquery >> restrict -6 default kod nomodify notrap nopeer noquery >> >> However, it also has these: >> >> restrict 127.0.0.1 >> restrict -6 ::1 >> restrict 127.127.1.0 > >These work on a "last match" basis. The latter three lines lift all >restrictions for localhost, so you can still "ntpq -pn" your own serve= r, >but nobody else can. Thanks. So, if I understand correctly, the shipped config is vulnerable to local (same-host) attackers, not remote ones. joe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?21657.26902.156000.609968>