Fix for Issue #409

Hal Murray hmurray at
Tue Dec 19 19:42:35 UTC 2017

> The question by Richard still stands, though: we should not do anything as
> root that can be done with lesser privileges, so why not defer reading the
> drift file until after we've dropped root?  That would be vastly preferrable
> to any of the other workarounds discussed. 

The original idea was we were going to have a quick release.  What is simple 
to describe seemed like a risky change to me.  I don't know where the drift 
is used during initialization.

But that does bring up an interesting point.  Why do we need root at all?

Are people willing to make the serial ports (or whatever) used by refclocks 
owned by ntp?

My notes in ntpd.c at ENABLE_EARLY_DROPROOT say it doesn't work with SHM or 
NetBSD.  Can we fix the SHM stuff?  I've long been scheming on making the 
ntpd side of SHM read-only but that won't be a quick fix.

There are also comments about the interface scanning stuff not working with 
droproot.  I haven't looked into that.

Richard: Have you tried early droproot?

These are my opinions.  I hate spam.

More information about the devel mailing list