tech-userlevel archive
Re: non-root ntpd
On Thu, Jun 29, 2017 at 01:06:35AM +0000, Taylor R Campbell wrote:
> > Date: Thu, 29 Jun 2017 00:02:24 +0000
> > From: coypu%sdf.org@localhost
> >
> > we've been able to run ntpd as non-root for a while. this is not the
> > default if you innocently ntpd=yes in rc.conf. it requires
> > /dev/clockctl, and most things have it, even one of the sun2 kernels.
> >
> > can I change this to become the default, for better default security?
>
> There's one complication: if your IP address ever changes, then ntpd
> must be restarted. So it requires a little wiring with, e.g.,
> ifwatchd. I do this on all my machines, but it is a bit of trouble.
>
> Ideally we ought to find some way to make it work unprivileged out of
> the box with no trouble, perhaps by always running ifwatchd in tandem,
> or perhaps with an easily audited ntpd-specific supervisor process.
That's probably sufficient reason not to commit it. bummer.