The Samba-Bugzilla – Bug 9379
[SECURITY] ntp_signd permissions are too broad
Last modified: 2012-11-12 10:45:53 UTC
Created attachment 8180
Move the ntp socket to var/lib
The permissions on the var/run/ntp_signd socket are too broad, allowing all users on the system the ability to either spoof time, or obtain MD5(unicodePwd) for machine trust accounts.
These patches move the socket to var/lib/ntp_signd and require the administrator to chgrp it to 'ntp' if their NTP implementation runs as a non-privileged user.
(This is required because /var/run/ may be wiped each boot)
Created attachment 8181
Only allow group (eg ntp) access to the ntp_signd socket.
Assigning to Karolin for v4-0-test
Pushed to autobuild-v4-0-test.
Text for the WHATSNEW:
With this release candidate the location of the socket samba accepts connections from NTPd has changed, as has the enforced permissions.
This means the ntp.conf will need to change from (eg)
To use the socket with ntp on a system with an ntp user and group, you must run:
chgrp ntp /usr/local/samba/var/lib/ntp_signd/
(In reply to comment #4)
> Text for the WHATSNEW:
> With this release candidate the location of the socket samba accepts
> connections from NTPd has changed, as has the enforced permissions.
> This means the ntp.conf will need to change from (eg)
> ntpsigndsocket /usr/local/samba/var/run/ntp_signd/
> ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
> To use the socket with ntp on a system with an ntp user and group, you must
> chgrp ntp /usr/local/samba/var/lib/ntp_signd/
Added and pushed.
Pushed to v4-0-test.
Closing out bug report.
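A check an administrator could run after applying the change, as an added example that is not part of the bug report or Samba's own code: it verifies that the relocated ntp_signd directory grants nothing to other users and carries the expected group. The function name `check_signd_dir` and the default group `ntp` are assumptions; the check looks at the directory only, not at the socket inside it.

```shell
#!/bin/sh
# Added example (not from the Samba patches): audit the ntp_signd
# socket directory after the move from var/run to var/lib.
#
# check_signd_dir DIR GROUP
#   returns 0 if DIR has group GROUP and no permission bits for "other"
#   returns 1 if the mode or group is wrong, 2 if DIR is missing/a symlink
check_signd_dir() {
    dir=$1
    want_group=$2
    rc=0

    if [ -L "$dir" ]; then
        echo "FAIL: $dir is a symlink, check the real target instead"
        return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir is not a directory"
        return 2
    fi

    # ls -ld prints: mode links owner group size date name
    mode=$(ls -ld "$dir" | awk '{print $1}')
    group=$(ls -ld "$dir" | awk '{print $4}')

    # Characters 8-10 of the mode string are the "other" permissions.
    other=$(printf '%s' "$mode" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FAIL: $dir grants '$other' to other users (mode $mode)"
        rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: $dir has group '$group', expected '$want_group'"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir mode $mode group $group"
    return "$rc"
}

# Stand-alone use: sh check.sh /usr/local/samba/var/lib/ntp_signd ntp
if [ $# -gt 0 ]; then
    check_signd_dir "$1" "${2:-ntp}"
fi
```

Any set bit in the "other" position, including a sticky-bit marker, is reported as a failure.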