I just pushed droproot for FreeBSD
Hal Murray
hmurray at megapathdsl.net
Sat Mar 28 07:16:07 UTC 2020
Anybody running on FreeBSD?
I've had an eye on that hole in our code for a long time and finally stumbled
into how to do it.
The trick is that you have to load a kernel module: mac_ntpd
That adds 2 new slots to sysctl:
security.mac.ntpd.uid: 123
security.mac.ntpd.enabled: 1
If you are not root, but the module is loaded and enabled and your userid
matches, you can fiddle the clock.
123 is conveniently set up to be user ntpd, so adding -u ntpd:ntpd to ntpd's
command line works as expected, but only if the module is loaded.
The startup script in /etc/rc.d/ntpd sets the user to ntpd:ntpd before running
ntpd, but only if your config file doesn't have any files that might not work
with a jail, or something like that. That failed for me with network
permission problems. I didn't investigate.
You can load the module with kldload or by adding
kld_list="mac_ntpd"
to your /etc/rc.conf and rebooting.
--
These are my opinions. I hate spam.
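
The conditions described in the message above (module loaded, enabled, uid matching), written as a pre-flight check; this is an added example, not part of the original post or of the ntpd code. The function names, the `--live` switch, and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check droproot prerequisites.

# Decide from observed values whether ntpd can still set the clock after
# dropping root. Arguments (empty string = value could not be read):
#   $1 security.mac.ntpd.enabled  $2 security.mac.ntpd.uid  $3 uid ntpd runs as
# Prints a verdict; returns 0 if OK, 1-5 for the distinct failure modes.
droproot_verdict() {
    v_enabled=$1; v_policy_uid=$2; v_run_uid=$3
    if [ -z "$v_enabled" ] || [ -z "$v_policy_uid" ]; then
        echo "FAIL: mac_ntpd not loaded; kldload it or set kld_list in /etc/rc.conf"
        return 1
    fi
    if [ "$v_enabled" != "1" ]; then
        echo "FAIL: module loaded but security.mac.ntpd.enabled=$v_enabled"
        return 2
    fi
    if [ -z "$v_run_uid" ]; then
        echo "FAIL: droproot user does not exist"
        return 3
    fi
    if [ "$v_run_uid" = "0" ]; then
        echo "WARN: ntpd would still run as root, nothing is dropped"
        return 4
    fi
    if [ "$v_run_uid" != "$v_policy_uid" ]; then
        echo "FAIL: uid $v_run_uid does not match security.mac.ntpd.uid=$v_policy_uid"
        return 5
    fi
    echo "OK: uid $v_run_uid may adjust the clock without root"
}

# Gather the real values on a FreeBSD host and pass them to the logic above.
check_live() {
    l_user=${1:-ntpd}   # assumption: same user as in "-u ntpd:ntpd"
    l_enabled=$(sysctl -n security.mac.ntpd.enabled 2>/dev/null) || l_enabled=
    l_uid=$(sysctl -n security.mac.ntpd.uid 2>/dev/null) || l_uid=
    l_run=$(id -u "$l_user" 2>/dev/null) || l_run=
    droproot_verdict "$l_enabled" "$l_uid" "$l_run"
}

# Touch the local system only when asked: sh check.sh --live [user]
if [ "${1:-}" = "--live" ]; then
    check_live "${2:-ntpd}"
fi
```

Running it before the service starts turns a silent failure to set the clock into an explicit message about which of the three conditions is missing.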