> Right now, if ntpd is brought up with no config file, it runs with no
> restrictions at all. Anyone can query it, anyone can configure it. This
> seems dubious from a security point of view.

Seems not-too-likely in the normal case since it won't keep good time. Also seems possible in, say, a recovery mode where the file system is busted, or during setup, so I agree that this is worth fixing.

> 2. User-friendly way. Bring it up with these permissions:
> restrict default kod limited nomodify nopeer noquery
> restrict -6 default kod limited nomodify nopeer noquery
> restrict 127.0.0.1
> restrict -6 ::1
> pool pool.ntp.org iburst
> driftfile /var/lib/ntp/ntp.drift

I think wiring in pool names is a bad idea.

There may already be a default drift file name.

There is already a default default restriction. Tweaking that would be simple.

What does nopeer mean these days?

--
These are my opinions. I hate spam.