From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)

Description of problem:
dateconfig provides unsecure configuration for ntpd, which allows use of ntpdc from any other host to reconfigure ntpd

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Preconditions: installed NTP and dateconfig packages.
2. Use dateconfig to configure ntp (enter time server information)
3. Start ntpd
4. Connect to ntpd from "malicious" host to your host. (>ntpdc your.host.com)
5. Add peer/server (ntpdc>addserver malicious.server.com)
6. For key enter any number (for ex: 1)
7. For password enter any password (for ex: dkdk)
8. Review ntpd configuration (ntpdc>peers)
9. Unconfigure correct timeserver: (ntpdc>unconfig time.server.com)
10. Review ntpd configuration (ntpdc>peers)

Actual Results: Time will be synchronized to the malicious time server.

Expected Results: User should not be able to change the configuration of ntpd from other hosts, unless allowed to.

Additional info:

Well, dateconfig just modifies the ntp.conf file and then calls 'service ntpd start'. The behavior you are describing is caused by ntpdc (which is part of the NTP RPM), not dateconfig. Changing component of the bug report to 'ntp'.
As reported: _dateconfig_ provides _unsecure_ configuration for ntpd, which allows the use of ntpdc from any other host to reconfigure ntpd. This means: you can modify the timeserver remotely!!!!
I think authenticate yes would be the best answer
Ok, I've modified dateconfig to only change the 'server' line in your ntp.conf file. The dateconfig in Rawhide (ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/dateconfig-0.7.5-2.i386.rpm) does the right thing. If you have already set up an insecure configuration of ntp (or if the default ntp configuration is insecure) then dateconfig will not change that value. Dateconfig will only change the name of the server in the file.
Correction: ftp://ftp.redhat.com/pub/redhat/linux/rawhide/i386/RedHat/RPMS/dateconfig-0.7.5-3.i386.rpm Not dateconfig-0.7.5-2.i386.rpm. Typo on my part.
dateconfig-0.7.5-3 is available for IA-64 as well at: ftp://ftp.redhat.com/pub/redhat/linux/rawhide/ia64/RedHat/RPMS/
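
Since the updated dateconfig leaves every line except 'server' untouched, an ntp.conf written earlier keeps whatever authentication setting it already had. The following is an added example, not part of the original thread and not code from dateconfig or ntp: a small audit of ntp.conf text for the setting discussed above. It assumes the `authenticate yes|no` and `enable|disable auth` directives, and it also checks for a `restrict default` line carrying `nomodify`, `noquery` or `ignore`, which is ntpd's own access control and was not mentioned in the thread. The sample files and finding names are constructed.

```python
# Flags that make ntpd refuse run-time reconfiguration requests by default.
BLOCKING_FLAGS = {"nomodify", "noquery", "ignore"}

# Constructed sample: authentication switched off, no access restrictions.
SAMPLE_INSECURE = """\
server time.server.com
authenticate no
driftfile /etc/ntp/drift
"""

# Constructed sample: same server, modification refused by default.
SAMPLE_HARDENED = """\
restrict default nomodify
restrict 127.0.0.1
server time.server.com
authenticate yes   # as suggested in the thread
driftfile /etc/ntp/drift
"""

def audit_ntp_conf(text):
    """Return finding names for settings that leave ntpd open to remote ntpdc changes."""
    auth_disabled = False          # only an explicit directive sets this
    default_blocks_modify = False
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments
        if not tokens:
            continue
        keyword = tokens[0].lower()
        args = [t.lower() for t in tokens[1:]]
        if keyword == "authenticate" and args:
            auth_disabled = args[0] == "no"      # last directive wins
        elif keyword in ("enable", "disable") and "auth" in args:
            auth_disabled = keyword == "disable"
        elif keyword == "restrict":
            args = [a for a in args if not a.startswith("-")]  # skip -4 / -6
            if args and args[0] == "default":
                default_blocks_modify = bool(BLOCKING_FLAGS & set(args[1:]))
    findings = []
    if auth_disabled:
        findings.append("auth-disabled")
    if not default_blocks_modify:
        findings.append("no-default-nomodify")
    return findings

if __name__ == "__main__":
    for name, conf in (("insecure", SAMPLE_INSECURE), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_ntp_conf(conf) or "ok")
```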