Page MenuHomeFreeBSD
Differential D48191

ntpd: Use the ntpd -u option in preference to the rc su plumbing
ClosedPublic
Actions

Authored by cy on Dec 24 2024, 3:39 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Feb 25, 8:27 PM
Unknown Object (File)
Tue, Feb 18, 11:03 PM
Unknown Object (File)
Feb 11 2025, 5:33 AM
Unknown Object (File)
Feb 6 2025, 7:28 PM
Unknown Object (File)
Feb 5 2025, 6:24 PM
Unknown Object (File)
Feb 4 2025, 5:17 AM
Unknown Object (File)
Jan 31 2025, 9:35 AM
Unknown Object (File)
Jan 27 2025, 10:58 AM
View All 16 Files
Subscribers
ziaee

Details

Reviewers
imp
emaste
markj
des
olce
Commits
rG92c834c6980d: ntpd: Use the ntpd -u option in preference to the rc su plumbing
rG1a241a911dc8: ntpd: Use the ntpd -u option in preference to the rc su plumbing
rG521f66715afb: ntpd: Use the ntpd -u option in preference to the rc su plumbing
Summary

Using the rc plumbing to setuid(2) is preferred as it allows the user
to use the -i option in ntpd_flags to chroot ntpd.

Chrooting ntpd by default will be a 2025 project.

MFC after: 1 week

Test Plan

Running here for a couple of weeks.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

cy requested review of this revision.Dec 24 2024, 3:39 PM
cy created this revision.
cy edited the summary of this revision. (Show Details)
markj added inline comments.Dec 24 2024, 3:43 PM
libexec/rc/rc.d/ntpd
107

Why unset it?

113

Now the assignment to driftopt in the can_run_nonroot case above has no effect.

cy marked an inline comment as done.Dec 24 2024, 5:38 PM

This has been simplified. Will upload it.

libexec/rc/rc.d/ntpd
107

ntpd_user was tested in an earlier version. This is redundant now.

113

This first draft is overly complex for what needs to be done.

cy updated this revision to Diff 148373.Dec 24 2024, 5:53 PM
cy marked an inline comment as done.

This is a much simplified patch. Plus a comment why we need to unset ntpd_user because rc.subr will use that to su(1) for us and we don't want this behavior. We want ntpd to setuid() itself.

markj added inline comments.Dec 25 2024, 5:41 PM
libexec/rc/rc.d/ntpd
121

I'd explain further that this is in order to make the -i option work.

markj accepted this revision.Dec 25 2024, 5:41 PM
This revision is now accepted and ready to land.Dec 25 2024, 5:41 PM
ziaee added a subscriber: ziaee.Dec 30 2024, 8:21 AM
Closed by commit rG521f66715afb: ntpd: Use the ntpd -u option in preference to the rc su plumbing (authored by cy). · Explain WhyTue, Feb 18, 5:12 PM
This revision was automatically updated to reflect the committed changes.
cy added a commit: rG521f66715afb: ntpd: Use the ntpd -u option in preference to the rc su plumbing.
cy added a commit: rG1a241a911dc8: ntpd: Use the ntpd -u option in preference to the rc su plumbing.Tue, Feb 25, 12:38 AM
cy added a commit: rG92c834c6980d: ntpd: Use the ntpd -u option in preference to the rc su plumbing.
cy added a reverting change: rG5ca7754519e8: Revert "ntpd: Use the ntpd -u option in preference to the rc su plumbing".Tue, Mar 11, 5:58 PM
cy added a reverting change: rG94f414086075: Revert "ntpd: Use the ntpd -u option in preference to the rc su plumbing".
cy added a reverting change: rG067cf605f884: Revert "ntpd: Use the ntpd -u option in preference to the rc su plumbing".Tue, Mar 11, 6:00 PM

Revision Contents
Changeset List

PathSize
libexec/
rc/
rc.d/
9 lines

Diff 151150

View Options

libexec/rc/rc.d/ntpd

Loading...