Drop root and friends

Hal Murray hmurray at megapathdsl.net
Thu Dec 28 11:55:18 UTC 2017


Inspired by the problem with reading the drift file, I'm scheming about that 
area.

I tried running ntpd as setuid, user ntp.  It died when it tried to open a 
socket.

On Linux, the droproot code keeps cap_sys_nice, cap_sys_time and maybe 
cap_net_bind_service.


So I poked around some more.  setcap is the program that attaches those capabilities to a file.

I tried again.  It also needs cap_ipc_lock to lock memory.

Looks like we can do away with all the drop root stuff on Linux.

Anybody want to tackle the install recipe?  If we want to test ntpd pre-install, we'll have to apply the same magic to $build/main/ntpd/ntpd or just run it as root or ...  I'd vote for maintaining a script that does the magic to a file.  waf install could call it.  We could run it by hand if we want to test without installing.

Does anybody see any problems?

Does anybody run on Linux file systems that don't support capabilities?

I haven't tried refclocks.  I assume they will work if the owner/permissions on the /dev/xxx files are set correctly.

I haven't tried SHM.  man capabilities says CAP_IPC_LOCK covers shmctl.



-- 
These are my opinions.  I hate spam.
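One way to write the "script that does the magic to a file" proposed above, as an added example that is not from the post or from the NTPsec tree. It uses the capability set the message lists; the two getcap output styles it parses are assumed from libcap's behaviour, and the apply step needs root and a file system with xattr support.

```sh
#!/bin/sh
# Added example: attach the Linux file capabilities ntpd needs so it can be
# started as user ntp without any droproot code, then verify the result.
# The capability list is the one from the post; extend it if a refclock
# turns out to need more.
set -u

NTPD_CAPS="cap_sys_nice,cap_sys_time,cap_net_bind_service,cap_ipc_lock"

# setcap argument: permitted + effective, so a binary that never calls
# capset() itself still gets the caps on exec.
ntpd_cap_arg() {
    printf '%s=ep' "$NTPD_CAPS"
}

# Given one line of getcap output, succeed only if every required cap is
# present and the effective flag is set.  Handles both output styles
# (assumed from libcap):
#   /usr/sbin/ntpd cap_sys_nice,...=ep       (newer libcap)
#   /usr/sbin/ntpd = cap_sys_nice,...+ep     (older libcap)
caps_cover() {
    line=$1
    spec=${line#* }           # drop the path
    spec=${spec#= }           # old style prefixes "= "
    case $spec in
        *=*) caps=${spec%%=*}; flags=${spec#*=} ;;
        *+*) caps=${spec%%+*}; flags=${spec#*+} ;;
        *)   return 1 ;;      # no caps attached at all
    esac
    case $flags in *e*) ;; *) return 1 ;; esac
    for c in $(printf '%s' "$NTPD_CAPS" | tr , ' '); do
        case ",$caps," in *,"$c",*) ;; *) return 1 ;; esac
    done
    return 0
}

# Apply and verify.  On a file system without extended attributes setcap
# fails with "Operation not supported", which is what the error path reports.
apply_ntpd_caps() {
    bin=$1
    [ -f "$bin" ] || { echo "no such file: $bin" >&2; return 1; }
    setcap "$(ntpd_cap_arg)" "$bin" || return 1
    caps_cover "$(getcap "$bin")" || { echo "caps missing on $bin" >&2; return 1; }
}

# Usage, as root, after waf install or on the build tree binary:
#   apply_ntpd_caps /usr/sbin/ntpd
```

Re-run it after any step that rewrites the binary, since file capabilities live in an extended attribute and do not survive a plain copy.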
