disable_dynamic_updates report
Ian Bruene
ianbruene at gmail.com
Thu Aug 29 20:21:43 UTC 2019
The other day I determined that the flag disable_dynamic_updates
(currently in the io_data struct) is either not properly initialized, or
is blocking off a large chunk of dead code. After reading through the
relevant code and looking through the history I think it is the former:
The flag is only set (to true) if ENABLE_EARLY_DROPROOT is defined,
*and* sandbox() returns notroot==true. If either of these are not the
case then the flag is left floating. From associated comments NetBSD
does not allow ENABLE_EARLY_DROPROOT, therefore any NetBSD build will
leave the flag floating.
It has always been the case that this flag is improperly set; as far
back as the earliest available tag in the repo (NTP_4_2_7P455).
The original #ifdef guarded set was removed somewhere between the tag
git-conversion and NTPsec_0_9_0. At this point no set or initialization
existed anywhere in the codebase. However the flag was still checked
despite floating.
The #ifdef ENABLE_EARLY_DROPROOT guarded block was added between tags
NTPsec_0_9_4 and NTPsec_0_9_5, and has remained in that form since. This
coincides with converting the flag from an int to a bool. The only
change since then was when the flag was shunted from a global to io_data.
--
/"In the end; what separates a Man, from a Slave? Money? Power? No. A
Man Chooses, a Slave Obeys."/ -- Andrew Ryan
/"Utopia cannot precede the Utopian. It will exist the moment we are fit
to occupy it."/ -- Sophia Lamb
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190829/bef428c0/attachment.htm>
More information about the devel
mailing list