Why admin's do not trust daemons to do their own packet filtering (was Re: Resuming the great cleanup)

Richard Laager rlaager at wiktel.com
Tue May 29 20:28:20 UTC 2018


On 05/29/2018 03:17 PM, Eric S. Raymond via devel wrote:
> The point of *this* part of the discussion is that if we accept Mark's
> security rationale (which I don't disagree with) then *every* form of
> userspace packet filtering NTP does is a defect and should be flushed.

Choosing _which_ interfaces to listen() on at all is not userspace
packet filtering.

-- 
Richard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20180529/e2cd56d4/attachment.bin>


More information about the devel mailing list