The following reply was made to PR bin/35479; it has been noted by GNATS.

From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@NetBSD.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org, djv@bedford.net
Cc: 
Subject: Re: bin/35479: /usr/sbin/timedc fails
Date: Thu, 25 Jan 2007 17:29:38 -0500

 On Jan 25, 10:10pm, christianbiere@gmx.de (Christian Biere) wrote:
 -- Subject: Re: bin/35479: /usr/sbin/timedc fails
 
 | The following reply was made to PR bin/35479; it has been noted by GNATS.
 | 
 | From: Christian Biere <christianbiere@gmx.de>
 | To: gnats-bugs@NetBSD.org, netbsd-bugs@NetBSD.org
 | Cc: 
 | Subject: Re: bin/35479: /usr/sbin/timedc fails
 | Date: Thu, 25 Jan 2007 23:16:21 +0100
 | 
 |  Woodchuck wrote:
 |  > In other words, the OpenBSD hosts are *rejecting* a connection attempt
 |  > from a privileged socket.  That makes a certain kind of paranoid sense.
 |  
 |  I don't see any such checks in code. Are you sure it's not just the
 |  firewall? Also packets from unprivileged ports are certainly not more
 |  trustworthy than those from privileged ports. If you want to differ at
 |  all than it's rather vice-versa.
 |  
 |  > I notice that timedc is setuid 0 on NetBSD, (obviously, to get that
 |  > privileged socket), but is not setuid on OpenBSD (which uses an unprivileged
 |  > one).
 |  
 |  No, it's not just for this socket but rather for the raw socket.
 |  
 |  > If an unprivileged socket is appropriate, then NetBSD could also
 |  > lose the setuid property, generally a good thing to lose if unnecessary.
 |  
 |  Can you use timedc as non-root on OpenBSD at all? I would think there's no
 |  need to but I doubt not dropping privileges at all is better.
 
 Plus you don't want random people forcing elections or even bogging down
 the time server.
 
 christos