Following a new security vulnerability in the Network Time Protocol software package, Apple has provided a software update for Mountain Lion and newer versions of OS X.
As usual, the older versions of OS X that one may be stuck with (because the hardware does not support newer version, because one needs Rosetta, …) are not covered by the security update.
My questions are:
is disabling “set date and time automatically” in Software Preferences enough to ensure that ntpd is not running?
what might break if the ntdp binary was simply deleted for safety on OS X Snow Leopard or Lion?
In doubt I might use these instructions to limit the scope of ntpd without completely disabling/deleting it, but in this case there remains the risk of getting it wrong and leaving ntpd exposed.
Aucun commentaire:
Enregistrer un commentaire