Re: chrooted non-priv ntpd

From: David Schultz (dschultz@uclink.Berkeley.EDU)
Date: 02/16/03


Date: Sat, 15 Feb 2003 22:22:24 -0800
From: David Schultz <dschultz@uclink.Berkeley.EDU>
To: John Hay <jhay@icomtek.csir.co.za>

Thus spake John Hay <jhay@icomtek.csir.co.za>:
> Well I don't want to comment on the chroot part, but did you also bring
> these problems under the attention of the ntp people? I can't remember
> having seen anything about it on bugs@ntp.org. Preferably with patches
> against the development version. :-)))

I sent a note to David Mills back in October, but I didn't get a
response. Most of the implementation problems (in my eyes,
anyway) are going to be a major pain in the *** to fix, e.g. the
hundreds of uses of sprintf() and strcpy(). I assume people know
about these, and there's a reason why nobody has bothered to fix
them.

The crypto problem is probably not known, but simpler to fix.
There's basically an off-by-one error where the last key[1] in the
session key sequence generated by ntpd isn't based on the shared
secret from the Diffie-Hellman exchange; it's just a random value
from a PRNG seeded off of the system time. I expect it would be
nearly impossible to exploit, but I could be wrong. One of these
days I'll see if I still have my notes on ntpd and send off a
report to bugs@ntp.org.

[1] IIRC, the keys are used in reverse order for the same
    reason that you use S/Key passwords in reverse order,
    so it's really the first key in the sequence.
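As an added illustration of the S/Key-style reverse-order key chain that footnote [1] refers to, here is a small Python model (this is not ntpd's code and not from the thread; the HMAC-based seed derivation, the SHA-256 chain, the `ChainVerifier` class and the constructed secret are all assumptions for the example). The point it shows is the property the message says ntpd got wrong: every key in the sequence, including the last one generated (the first one used), must be a deterministic function of the shared secret, so both sides can derive the same chain and a verifier holding only the anchor can check each key by hashing it.

```python
import hashlib
import hmac


def derive_chain_seed(shared_secret: bytes, context: bytes = b"session-key-chain") -> bytes:
    """Bind the chain to the shared secret (e.g. a DH result), never to the clock."""
    return hmac.new(shared_secret, context, hashlib.sha256).digest()


def build_key_chain(seed: bytes, length: int) -> list:
    """k[0] = seed, k[i] = H(k[i-1]).  Generated forward, consumed backward."""
    chain = [seed]
    for _ in range(length - 1):
        chain.append(hashlib.sha256(chain[-1]).digest())
    return chain


def keys_in_use_order(chain: list) -> list:
    """Keys are presented from the end of the chain toward the seed; the last
    element is the published anchor and is never sent as a key itself."""
    return list(reversed(chain[:-1]))


def chain_bound_to_secret(chain: list, shared_secret: bytes) -> bool:
    """Defender-side check: the whole sequence, last key included, must derive
    from the shared secret.  A chain whose seed came from an unrelated PRNG
    fails at the first link."""
    if chain[0] != derive_chain_seed(shared_secret):
        return False
    return all(hashlib.sha256(chain[i - 1]).digest() == chain[i]
               for i in range(1, len(chain)))


class ChainVerifier:
    """Holds only the current anchor; accepts the next key iff H(key) == anchor.
    Because H is one-way, seeing key i reveals nothing about key i-1."""

    def __init__(self, anchor: bytes):
        self.anchor = anchor

    def accept(self, key: bytes) -> bool:
        if hashlib.sha256(key).digest() != self.anchor:
            return False          # out of order, replayed, or from another chain
        self.anchor = key         # advance toward the seed
        return True


if __name__ == "__main__":
    secret = b"constructed DH shared secret (example only)"
    chain = build_key_chain(derive_chain_seed(secret), 5)
    print("bound to secret:", chain_bound_to_secret(chain, secret))
    v = ChainVerifier(chain[-1])
    print("reverse-order use:", [v.accept(k) for k in keys_in_use_order(chain)])
```

Both parties call `build_key_chain(derive_chain_seed(secret), n)` and obtain identical sequences; `chain_bound_to_secret` is the check that would have flagged a final key drawn from an independent, time-seeded PRNG instead of from the secret.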
