NetBSD-Bugs archive
Re: bin/23705 (ntpd can not be restricted to certain interfaces)
The following reply was made to PR bin/23705; it has been noted by GNATS.
From: Jukka Ruohonen <jruohonen%iki.fi@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: bin/23705 (ntpd can not be restricted to certain interfaces)
Date: Sun, 22 Nov 2009 19:43:26 +0200

On Sat, Nov 21, 2009 at 09:45:01PM +0000, Matthew Mondor wrote:
> restrict bind(2). The manual page probably should be updated to stress
> that an interface name is expected, and that this does not affect the
> binding of interfaces, but instead will filter incoming requests
> (which is unfortunately harder to really make sure a setup is secure
> enough for an admin, however, but as you showed at least the logs
> should help).
>
> That said, it's nice to know that restricting binding is planned for
> the next release. Should this PR remain open until said upgrade, or
> should we close it after improving the manual page?

I think this should remain open as the issue of binding to all interfaces is
still a bug, regardless of the access control based on interfaces. Imagine
for instance running ntpd(8) on a 24-port switch, which will waste at least
48 file descriptors.