disable_dynamic_updates report
Eric S. Raymond
esr at thyrsus.com
Thu Aug 29 20:46:08 UTC 2019
Ian Bruene via devel <devel at ntpsec.org>:
>
> The other day I determined that the flag disable_dynamic_updates (currently
> in the io_data struct) is either not properly initialized, or is blocking
> off a large chunk of dead code. After reading through the relevant code and
> looking through the history I think it is the former:
>
> The flag is only set (to true) if ENABLE_EARLY_DROPROOT is defined, *and*
> sandbox() returns notroot==true. If either of these are not the case then
> the flag is left floating. From associated comments NetBSD does not allow
> ENABLE_EARLY_DROPROOT, therefore any NetBSD build will leave the flag
> floating.
>
> It has always been the case that this flag is improperly set; as far back as
> the earliest available tag in the repo (NTP_4_2_7P455).
>
> The original #ifdef guarded set was removed somewhere between the tag
> git-conversion and NTPsec_0_9_0. At this point no set or initialization
> existed anywhere in the codebase. However the flag was still checked despite
> floating.
>
> The #ifdef ENABLE_EARLY_DROPROOT guarded block was added between tags
> NTPsec_0_9_4 and NTPsec_0_9_5, and has remained in that form since. This
> coincides with converting the flag from an int to a bool. The only change
> since then was when the flag was shunted from a global to io_data.
By "floating", you mean uninnitialized? In C that's going to mean it's false
It sounds to me like the flag migjht be stet correctly and doing something real,
if the disable_dynanic_lookups code disables code that needs root access.
--
<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
More information about the devel
mailing list