What's magic about /tmp/? ntpd can't find UNIX socket
Hal Murray
halmurray at sonic.net
Thu Oct 19 20:42:08 UTC 2023
devel at ntpsec.org said:
> Can you provide:
> ~ $ ls -ld /tmp
> drwxrwxrwt 12 root root 580 Oct 19 11:00 /tmp
srwxrwxrwx 1 murray murray 0 Oct 18 20:51 /tmp/fake-samba-socket/socket
drwxrwxrwx 2 ntp ntp 60 Oct 18 20:51 /tmp/fake-samba-socket/
drwxrwxrwt 19 root root 500 Oct 19 13:19 /tmp/
Changing the owner to ntp didn't make any difference.
> And:
> ~ $ mount | fgrep /tmp
> tmpfs on /tmp type tmpfs (rw,nosuid,relatime,size=2097152k)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=1048576,inode64)
We may be shooting ourselves in the foot. There is a lot of stuff in
ntp_sandbox. When we droproot, we retain privs for setting the clock. Is
there a priv for accessing /tmp/? I just scanned the list in the
capabilities(7) man page and didn't see anything but I could easily have
missed something.
--
These are my opinions. I hate spam.
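
An added diagnostic sketch, not part of the original post or of NTPsec's code: it evaluates the ls output quoted above against the mode-bit checks that connect(2) on a UNIX socket needs, and names the capabilities in a process's CapEff line. The function names and the STATUS sample are constructed for illustration, and supplementary groups are ignored.

```python
# Capability bit numbers from <linux/capability.h> (subset relevant here).
CAPS = {1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH", 25: "CAP_SYS_TIME"}

def cap_eff(status_text):
    """Return named capabilities from the CapEff line of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split(":", 1)[1].strip(), 16)
            return [CAPS.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1]
    return []

def perm_bits(ls_mode, owner, group, user, grp):
    """Pick the rwx triplet of an `ls -l` mode string that applies to user/grp."""
    start = 1 if user == owner else 4 if grp == group else 7
    trip = ls_mode[start:start + 3]
    # 's' and 't' mean execute is set alongside setuid/setgid/sticky.
    return {"r": trip[0] == "r", "w": trip[1] == "w", "x": trip[2] in "xst"}

def dac_denials(listing, user, grp, caps=()):
    """List path entries where mode bits deny what connect(2) needs:
    search (x) on each directory, write (w) on the socket itself."""
    if "CAP_DAC_OVERRIDE" in caps:
        return []  # this capability bypasses read, write and execute checks
    denied = []
    for ls_mode, owner, group, path in listing:
        need = "x" if ls_mode[0] == "d" else "w"
        if not perm_bits(ls_mode, owner, group, user, grp)[need]:
            denied.append((path, need))
    return denied

# Modes and owners as shown in the post's ls output.
LISTING = [
    ("drwxrwxrwt", "root", "root", "/tmp/"),
    ("drwxrwxrwx", "ntp", "ntp", "/tmp/fake-samba-socket/"),
    ("srwxrwxrwx", "murray", "murray", "/tmp/fake-samba-socket/socket"),
]
# Constructed sample: a process that kept only CAP_SYS_TIME (bit 25).
STATUS = "Name:\tntpd\nUid:\t123\t123\t123\t123\nCapEff:\t0000000002000000\n"

if __name__ == "__main__":
    print("effective caps:", cap_eff(STATUS))
    print("denied by mode bits:", dac_denials(LISTING, "ntp", "ntp", cap_eff(STATUS)))
```

An empty denial list for the quoted listing means the ordinary owner/group/other mode bits do not account for the failure, with or without a DAC capability.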