ntpd vulnerabilities

[Roger Marquis]

Dag-Erling Sm??rgrav wrote:
>I absolutely agree.  If we replace the NTP suite, it will be with a
>minimal SNTP client, although no decision has been made.

For now openntpd is the recommended solution but a more minimal client
might be preferable depending on implementation specifics.  The only
feature missing from openntpd that we could use is a way to set the
egress interface.  Openntpd's "listen on" directive only defines the
ingress tcp adddress, outgoing queries still use the server's primary ip.

Roger Marquis