Date: Fri, 10 Aug 2001 22:22:05 -0700 (PDT)
From: Lamont Granquist <lamont@scriptkiddie.org>
To: "'freebsd-stable@freebsd.org'" <freebsd-stable@FreeBSD.ORG>
Subject: Re: NTPD in upcoming release?
Message-ID: <20010810221054.F26163-100000@coredump.scriptkiddie.org>
In-Reply-To: <20010809201636.A21157@xor.obsecurity.org>

On Thu, 9 Aug 2001, Kris Kennaway wrote:
> On Thu, Aug 09, 2001 at 06:44:59PM -0700, Lamont Granquist wrote:
> >
> > Is 5.0 going to let ntpd run without root permissions?
>
> I'm not sure how a non-privileged process would be able to adjust the
> system clock. Perhaps you could do it with capabilities, although I
> don't know if there's one for that yet.

How about an ugly hack to ntp_adjtime() and whatever other syscalls ntpd
needs to add a blessed GID? That way you run ntpd as, say, nobody/clock
and put it into a jail?

It's an ugly, ugly, ugly hack that needs to be replaced with something much
more robust. I agree. But you know tomorrow you could have security holes
in both IIS and ntp released, and some asshole could adapt code red to it
with a secondary payload that attacked ntpd servers and executed "rm -rf /"

That'd probably really suck.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message