summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorRenato Botelho <garga@FreeBSD.org>2014-01-07 08:58:33 -0200
committerRenato Botelho <garga@FreeBSD.org>2014-01-07 08:58:33 -0200
commit6b6607316481aacaa055f8e4bce2ce1e520d3b1b (patch)
tree8db21a44b18c4cdb06631885e5d22b15bc37d798 /etc
parentfe56417fe45ed9c78d15fbbb614d0b4088314eed (diff)
downloadpfsense-6b6607316481aacaa055f8e4bce2ce1e520d3b1b.zip
pfsense-6b6607316481aacaa055f8e4bce2ce1e520d3b1b.tar.gz
Add 'limited' to ntpd restrict list to workaround CVE-2013-5211. It fixes #3384
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/system.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 1dfbeb7..cbc5a41 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -1388,8 +1388,8 @@ function system_ntp_configure($start_ntpd=true) {
$ntpcfg .= "statsdir {$statsdir}\n";
$ntpcfg .= "logconfig =syncall +clockall\n";
$ntpcfg .= "driftfile {$driftfile}\n";
- $ntpcfg .= "restrict default kod nomodify notrap nopeer\n";
- $ntpcfg .= "restrict -6 default kod nomodify notrap nopeer\n";
+ $ntpcfg .= "restrict default kod limited nomodify notrap nopeer\n";
+ $ntpcfg .= "restrict -6 default kod limited nomodify notrap nopeer\n";
if (empty($config['ntpd']['interface']))
if (is_array($config['installedpackages']['openntpd']) && !empty($config['installedpackages']['openntpd']['config'][0]['interface']))
OpenPOWER on IntegriCloud