UNS: Re: NTP security hole CVE-2013-5211?

Eugene Grosbein eugen at grosbein.net
Tue Jan 14 14:03:58 UTC 2014


On 14.01.2014 20:11, Dag-Erling Smørgrav wrote:
> Garrett Wollman <wollman at bimajority.org> writes:
>> For a "pure" client, I would suggest "restrict default ignore" ought
>> to be the norm.  (Followed by entries to unrestrict localhost over v4
>> and v6.)
> 
> Pure clients shouldn't use ntpd(8).  They should use sntp(8) or a
> lightweight NTP client like ttsntpd.

$ man sntp
No manual entry for sntp
$ whereis sntp
sntp: /usr/sbin/sntp

That's first time I see a reference to sntp(8) for FreeBSD
while using it since 2.2.5-RELEASE.

Is it documented somewhere?

Eugene Grosbein



More information about the freebsd-security mailing list