Default config file behavior - request for comment
Hal Murray
hmurray at megapathdsl.net
Wed Sep 20 17:11:52 UTC 2017

> Right now, if ntpd is brought up with no config file, it runs with no
> restrictions at all. Anyone can query it, anyone can configure it. This
> seems dubious from a security point of view.

Seems not-too-likely in the normal case since it won't keep good time.

Also seems possible in, say, a recovery mode where the file system is busted,
or during setup, so I agree that this is worth fixing.

> 2. User-friendly way. Bring it up with these permissions:
> restrict default kod limited nomodify nopeer noquery
> restrict -6 default kod limited nomodify nopeer noquery
> restrict 127.0.0.1
> restrict -6 ::1
> pool pool.ntp.org iburst
> driftfile /var/lib/ntp/ntp.drift

I think wiring in pool names is a bad idea.

There may already be a default drift file name.

There is already a default default restriction. Tweaking that would be
simple.

What does nopeer mean these days?

--
These are my opinions. I hate spam.
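
An added example, not part of the original message and not ntpd's own code: a small Python audit that checks ntp.conf text for the default restrict flags listed in the quoted proposal, including the no-config case the thread is about. Treating an unqualified `default` as IPv4 and `-6 default` as IPv6 mirrors the proposal's two lines and is an assumption; the function names and sample configs are constructed for illustration.

```python
# Added example: audit ntp.conf text for the default restrict flags quoted in the thread.
REQUIRED = ("kod", "limited", "nomodify", "nopeer", "noquery")

def default_restrictions(conf_text):
    """Map address family to the flag set of its `restrict default` line, or None if absent."""
    found = {"ipv4": None, "ipv6": None}
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        rest, family = tokens[1:], "ipv4"       # assumption: unqualified means IPv4
        if rest[0] in ("-4", "-6"):
            family = "ipv6" if rest[0] == "-6" else "ipv4"
            rest = rest[1:]
        if not rest or rest[0] != "default":
            continue                            # per-address lines (127.0.0.1, ::1) are not defaults
        found[family] = set(rest[1:])           # this sketch keeps the last line seen per family
    return found

def audit(conf_text):
    """Return [(family, missing_flags)]; an empty list means both defaults carry every flag."""
    findings = []
    # None stands for "no config file at all", the case described in the thread.
    for family, flags in default_restrictions(conf_text or "").items():
        missing = list(REQUIRED) if flags is None else [f for f in REQUIRED if f not in flags]
        if missing:
            findings.append((family, missing))
    return findings

# Constructed sample: the lines quoted in the thread.
PROPOSED = """\
restrict default kod limited nomodify nopeer noquery
restrict -6 default kod limited nomodify nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""

# Constructed sample: a weaker IPv4 default next to a complete IPv6 default.
PARTIAL = """\
restrict default nomodify notrap   # constructed weak default
restrict -6 default kod limited nomodify nopeer noquery
"""

if __name__ == "__main__":
    for name, text in (("proposed", PROPOSED), ("partial", PARTIAL), ("no config", None)):
        print(name, audit(text) or "ok")
```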