NetBSD-Bugs archive


Re: bin/23705 (ntpd can not be restricted to certain interfaces)



The following reply was made to PR bin/23705; it has been noted by GNATS.

From: Jukka Ruohonen <jruohonen%iki.fi@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/23705 (ntpd can not be restricted to certain interfaces)
Date: Sun, 22 Nov 2009 19:43:26 +0200

 On Sat, Nov 21, 2009 at 09:45:01PM +0000, Matthew Mondor wrote:
 >  restrict bind(2).  The manual page probably should be updated to stress
 >  that an interface name is expected, and that this does not affect the
 >  binding of interfaces, but instead will filter incoming requests
 >  (which is unfortunately harder to really make sure a setup is secure
 >  enough for an admin, however, but as you showed at least the logs
 >  should help).
 >  
 >  That said, it's nice to know that restricting binding is planned for
 >  the next release.  Should this PR remain open until said upgrade, or
 >  should we close it after improving the manual page?
 
 I think this should remain open as the issue of binding to all interfaces is
 still a bug, regardless of the access control based on interfaces. Imagine
 for instance running ntpd(8) on a 24-port switch, which will waste at least
 48 file descriptors.
 

