Carl Brewer <carl%bl.echidna.id.au@localhost> writes:
> On bootup on a NetBSD 5.2 (amd64) box of mine the original system ntpd
> starts (which is vulnerable to a DoS attack) :
>
> bash-4.3# ps -auxww | grep ntp
> root 269 0.2 0.1 11324 5424 ? Ss 3:44AM 4:19.12
> /usr/sbin/ntpd
>
> bash-4.3# kill -TERM 269
>
> bash-4.3# /etc/rc.d/ntpd start
> Starting ntpd.
>
> bash-4.3# !ps
> ps -auxww | grep ntp
> root 1969 0.0 0.2 11340 7288 ? Ss 6:42AM 0:00.01
> /usr/pkg/sbin/ntpd
>
> I've grepped through /etc for ntpd and can't find any references to
> /usr/sbin/ntpd anywhere - I replaced /etc/rc.d/ntpd with the one from
> pkgsrc when I replaced ntpd with the pkgsrc one (and, as above, when I
> run /etc/rc.d/ntpd by hand it does the right thing!).
in /etc/rc.d/ntpd I see
command="/usr/sbin/${name}"
It may be possible to override with /etc/rc.conf.d/ntpd and setting
command= in there.
It looks like your path is changing which ntpd gets run.
Are you saying that after you moved the pkgsrc rc.d/ntpd into /etc/rc.d,
and then rebooted, you still have the system ntpd? Read the rc.d file -
is it calling ntpd without a fully-qualified path?
Attachment:
pgpbFTolAKuUK.pgp
Description: PGP signature