Important news about security in NTP.
Source
http://nwtime.org/ntp-linux-security...ed-win-t-shirt
Quote:
NTP Linux Security Sandbox Testers Needed – Win a T-Shirt!
August 29, 2014 by harlan
Help improve NTP’s Linux Security Sandbox by testing this new feature, providing feedback to us, and score a chance for an NTF t-shirt!
Traditionally, one of the more secure ways to run an NTP server is to have ntpd switch to an unprivileged user, once it no longer requires special privileges.
However, this does not prevent a remote attacker from finding a security hole and then using the unprivileged user to open socket connections, fork new processes or attempt to make system calls to gain root privilege through some local exploit.
With the optional Linux security sandbox support added to NTP in 4.2.7p422 we make the attacker’s job much more difficult as the size of his playing field is significantly reduced. He can no longer do many of those attacks. The NTP sandbox makes the attacker’s job much harder as he is restricted to a very small number of system calls.
Linux Security Sandbox support for NTP is provided by libseccomp2, and this capability was added to NTP by a patch from Loganaden Velvindron of AFRINIC.
All you need to do is to have a Linux box to run the sandbox code on. Then build and run the latest development snapshot of NTP, enabling sandboxing (configure --enable-libseccomp), and then report back to us to be entered into a drawing for a “timeless” Network Time Foundation t-shirt!
And please look at my last comment about the NTP article
http://docs.slackware.com/talk:howto...k_services:ntp