author | Renato Botelho <garga@FreeBSD.org> | 2014-01-07 08:58:33 -0200 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-01-07 08:58:33 -0200 |
commit | 6b6607316481aacaa055f8e4bce2ce1e520d3b1b (patch) | |
tree | 8db21a44b18c4cdb06631885e5d22b15bc37d798 /etc | |
parent | fe56417fe45ed9c78d15fbbb614d0b4088314eed (diff) | |
Add 'limited' to ntpd restrict list to work around CVE-2013-5211. It fixes #3384
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/system.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 1dfbeb7..cbc5a41 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1388,8 +1388,8 @@ function system_ntp_configure($start_ntpd=true) {
 $ntpcfg .= "statsdir {$statsdir}\n";
 $ntpcfg .= "logconfig =syncall +clockall\n";
 $ntpcfg .= "driftfile {$driftfile}\n";
- $ntpcfg .= "restrict default kod nomodify notrap nopeer\n";
- $ntpcfg .= "restrict -6 default kod nomodify notrap nopeer\n";
+ $ntpcfg .= "restrict default kod limited nomodify notrap nopeer\n";
+ $ntpcfg .= "restrict -6 default kod limited nomodify notrap nopeer\n";
 if (empty($config['ntpd']['interface']))
 if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface'])) |
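Review bot: The two new `restrict default` lines still carry no `noquery`, so ntpq/ntpdc-style queries, which include the monlist request that CVE-2013-5211 concerns, remain permitted from any address. `limited` only rate-limits clients, and the ntpd documentation notes that a `limited` entry keeps the monitoring list active. Unless a tighter restriction is emitted elsewhere in system_ntp_configure() (its body continues outside this hunk), I would write `restrict default kod limited nomodify notrap nopeer noquery` and the same for the `-6` line. Because `noquery` also blocks status queries from the firewall itself, the generated config would then need explicit `restrict 127.0.0.1` and `restrict ::1` entries if none exist already. A short comment above these two lines naming the CVE and the purpose of each flag would also help whoever next edits the string.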