diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2014-01-07 08:58:33 -0200 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2014-01-07 08:58:48 -0200 |
| commit | 51922cb793b83bf7d22fdaa47205fd59b4d70e87 (patch) | |
| tree | 2b8ddad22a004b1906302495faea9ebe02ed9966 | |
| parent | 7c2ea0cc224e61adad1ffa14b23b8e4213c06f86 (diff) | |
| download | pfsense-51922cb793b83bf7d22fdaa47205fd59b4d70e87.zip pfsense-51922cb793b83bf7d22fdaa47205fd59b4d70e87.tar.gz | |
Add 'limited' to ntpd restrict list to workaround CVE-2013-5211. It fixes #3384
| -rw-r--r-- | etc/inc/system.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 58408b6..6cc7724 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -1315,8 +1315,8 @@ function system_ntp_configure($start_ntpd=true) { $ntpcfg .= "statsdir {$statsdir}\n"; $ntpcfg .= "logconfig =syncall +clockall\n"; $ntpcfg .= "driftfile {$driftfile}\n"; - $ntpcfg .= "restrict default kod nomodify notrap nopeer\n"; - $ntpcfg .= "restrict -6 default kod nomodify notrap nopeer\n"; + $ntpcfg .= "restrict default kod limited nomodify notrap nopeer\n"; + $ntpcfg .= "restrict -6 default kod limited nomodify notrap nopeer\n"; if (empty($config['ntpd']['interface'])) if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface'])) |
