Bug 2170

Summary: Default /etc/ntp.conf permits easy remote control of XNTPD
Product: [Retired] Red Hat Raw Hide
Reporter: Chris Siebenmann <cks-rhbugzilla>
Component: xntp3
Assignee: Jeff Johnson <jbj>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 1.0
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 1999-04-15 00:21:54 UTC

Description Chris Siebenmann 1999-04-13 21:11:11 UTC
The default /etc/ntp.conf specifies a key file and key IDs for all three sorts of keys; the default key file contains default/sample keys. The net effect is that an NTP server started without commenting out this section of the ntp.conf file will allow anyone on the Internet who knows the default /etc/ntp/keys contents (i.e. most everyone who can read an RPM file somehow) to perform remote control of the NTP daemon. This allows anyone on the Internet to control the local clock (delete all the configured peers, add a set of peers under your control that feeds the target system bogus time), among other things.

I strongly urge Red Hat not to ship an /etc/ntp.conf with keys enabled. With the requestkey, controlkey, and trustedkey statements commented out, the daemon will not allow this remote control. (I would suggest commenting out the line that specifies a key file too.) I'd also suggest a strong comment in both files that one should NOT use the default values, so people aren't tempted to just uncomment things and run that way.
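
As an added check (example code written for this page, not part of the bug report or of Red Hat's xntp3 package), the POSIX shell script below lists the live key directives in an ntp.conf and gives a verdict on whether the requestkey/controlkey remote-control path is enabled. The two configurations embedded in it are constructed samples shaped like the situation the report describes; they are not the actual 1999 files, and the key ID 15 and the trustedkey list are assumed. The directive names (keys, trustedkey, requestkey, controlkey) and the /etc/ntp/keys path are the ones named in the report.

```shell
#!/bin/sh
# Added example: find active ntp.conf key directives that let a holder of the
# key file reconfigure xntpd remotely. Not Red Hat's or the reporter's code.

# Constructed sample resembling the reported as-shipped default (key IDs assumed).
WEAK_CONF='# constructed sample: key statements left enabled
server 127.127.1.0
keys /etc/ntp/keys
trustedkey 1 2 15
requestkey 15
controlkey 15
'

# Constructed sample with the fix the report asks for applied.
HARDENED_CONF='# constructed sample: key statements commented out
server 127.127.1.0
#keys /etc/ntp/keys
#trustedkey 1 2 15
#requestkey 15
#controlkey 15
'

# Echo the active key-related directives (one per line) from the ntp.conf text
# passed as $1. Leading whitespace is stripped; comment and blank lines are ignored,
# so "#requestkey 15" does not count as active.
ntp_key_statements() {
    printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^[[:space:]]*$/d' |
        awk '$1 == "keys" || $1 == "trustedkey" || $1 == "requestkey" || $1 == "controlkey"'
}

# Return 0 if an active requestkey or controlkey directive is present, meaning anyone
# who holds that key (here: anyone who read the sample key file) can reconfigure the
# daemon over the network; return 1 otherwise.
ntp_remote_control_enabled() {
    printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*//' -e '/^#/d' |
        awk 'BEGIN { found = 1 }
             $1 == "requestkey" || $1 == "controlkey" { found = 0 }
             END { exit found }'
}

# Print the live directives and the verdict for one config ($1 = label, $2 = text).
ntp_report() {
    printf '== %s ==\n' "$1"
    ntp_key_statements "$2" | sed 's/^/  active: /'
    if ntp_remote_control_enabled "$2"; then
        echo "  VERDICT: requestkey/controlkey active; remote control possible with the key"
    else
        echo "  VERDICT: no requestkey/controlkey active; remote reconfiguration refused"
    fi
}

ntp_report "weak (as-shipped style)" "$WEAK_CONF"
ntp_report "hardened (statements commented out)" "$HARDENED_CONF"
```

To run it against a real host, call `ntp_report /etc/ntp.conf "$(cat /etc/ntp.conf)"`. The verdict keys on requestkey and controlkey because those are the directives that grant runtime reconfiguration; a live keys or trustedkey line alone is still listed so that a config half-way through the fix is visible.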

Comment 1 Cristian Gafton 1999-04-15 00:21:59 UTC
Done