Tangle - cookie keys file

Richard Laager rlaager at wiktel.com
Thu Mar 7 17:02:51 UTC 2019


On 3/7/19 6:43 AM, Eric S. Raymond via devel wrote:
> Hal Murray via devel <devel at ntpsec.org>:
>>
>> Where should we put the file used to store the key used to make cookies?  It 
>> gets read at startup and updated daily.
>>
>> Fedora and Debian put things like that in /var/lib/ntp/
>> NetBSD and FreeBSD put them in /var/db/ntp/
> 
> Given that we don't have any intrinsic technical reasons to choose one
> over the other, I'd say this: Linux has the bigger userbase, so Linux
> wins.

Either /var/lib/ntp, or as suggested in a previous message, /var/NTP
seems fine for the default. The important part is discussed below.

>> Can we and/or should we make the default file names OS dependent?
> 
> I recommend trying to avoid that.  Follow the Filesystem Hierarchy
> Standard and let other OSes be their local packagers' problem.

In any event, this should be a configurable location in waf, like other
directories. Then, if you want to try to do platform default detection,
write that in waf configure. That is the standard way to handle such things.

>> What should the system do if it can't read the file?  Crash?  Blunder on in 
>> no-NTS mode?  Make one?  ...
> 
> I think blundering on in no-NTS mode would be wrong unless NTS has
> been explicitly disabled in the config.  An iron rule: Enabled
> security measures should fail noisily, not quietly, so a human will
> take action.

Agreed. If you cannot continue, log an error and exit with a failure
status. This would happen if the key file exists but cannot be read
(e.g. open(..., O_RDONLY) fails with other than ENOENT), the file exists
but its contents are missing or invalid, or if it doesn't exist and
cannot be written.

>> If it crashes, where do we get the first one?
> 
> The fact that this question needs to be asked implies that the right
> answer to the previous one is "Make one and log a warning".

I think it should be "make one and log an info message". The key being
missing isn't really a problem worthy of a warning, is it? It's going to
happen on every first install/upgrade-to-NTS.

-- 
Richard


More information about the devel mailing list