mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
samba-mirror/source4/ntp_signd
Andrew Bartlett 18e13224eb ntp_signd: Only allow group access to the ntp signd directory.
Existing installations running ntp as group 'ntp' will need to change
the permissions on the ntp_signd socket directory (e.g.
PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)

The reason is that allowing other users on the host access to this
directory would allow them to potentially spoof time on the network,
or attack the password database with a chosen plaintext attack.

Permissions should be changed to:

ownership root:ntp (if ntp runs as gid ntp)
mode 0750 (this is what it will be created as)

If the permissions are not changed, Samba will refuse to start the
ntp_signd server, and NTP operations will not be signed.  As the error
is declared fatal, in the future, Samba may totally refuse to start.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
2012-11-12 12:36:27 +01:00
ntp_signd.c ntp_signd: Only allow group access to the ntp signd directory. 2012-11-12 12:36:27 +01:00
ntp-dev-4.2.5p125.diff s4: add some useful link and the patch for the ntp_signd support 2008-12-03 17:42:21 +01:00
README s4: add some useful link and the patch for the ntp_signd support 2008-12-03 17:42:21 +01:00
wscript_build Introduce system MIT krb5 build with --with-system-mitkrb5 option. 2012-05-23 17:51:50 +03:00

Here are some pointers to the needed ntp version.

https://support.ntp.org/bugs/show_bug.cgi?id=1028

The patch against ntp-dev-4.2.5p125
https://support.ntp.org/bugs/attachment.cgi?id=457