From: Lamont Granquist
Date: Fri, 10 Aug 2001 22:22:05 -0700 (PDT)
To: freebsd-stable@freebsd.org
Subject: Re: NTPD in upcoming release?

On Thu, 9 Aug 2001, Kris Kennaway wrote:

> On Thu, Aug 09, 2001 at 06:44:59PM -0700, Lamont Granquist wrote:
> >
> > Is 5.0 going to let ntpd run without root permissions?
>
> I'm not sure how a non-privileged process would be able to adjust the
> system clock. Perhaps you could do it with capabilities, although I
> don't know if there's one for that yet.

How about an ugly hack to ntp_adjtime() and whatever other syscalls ntpd needs to add a blessed GID? That way you run ntpd as, say, nobody/clock and put it into a jail?

It's an ugly, ugly, ugly hack that needs to be replaced with something much more robust. I agree. But you know tomorrow you could have security holes in both IIS and ntp released, and some asshole could adapt Code Red to it with a secondary payload that attacked ntpd servers and executed "rm -rf /"

That'd probably really suck.