Dag-Erling Smørgrav writes: >Joe Malcolm <jmalc...@uraeus.com> writes: >> I'm no expert on ntp.conf, but this appears in my ntp.conf on one of >> my FreeBSD systems: >> >> restrict default kod nomodify notrap nopeer noquery >> restrict -6 default kod nomodify notrap nopeer noquery >> >> However, it also has these: >> >> restrict 127.0.0.1 >> restrict -6 ::1 >> restrict 127.127.1.0 > >These work on a "last match" basis. The latter three lines lift all >restrictions for localhost, so you can still "ntpq -pn" your own server, >but nobody else can.
Thanks. So, if I understand correctly, the shipped config is vulnerable to local (same-host) attackers, not remote ones. joe _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
