devel@ntpsec.org said: > Can you provide: > ~ $ ls -ld /tmp drwxrwxrwt 12 root root 580 Oct 19 11:00 /tmp
srwxrwxrwx 1 murray murray 0 Oct 18 20:51 /tmp/fake-samba-socket/socket drwxrwxrwx 2 ntp ntp 60 Oct 18 20:51 /tmp/fake-samba-socket/ drwxrwxrwt 19 root root 500 Oct 19 13:19 /tmp/ Changing the owner to ntp didn't make any difference. > And: > ~ $ mount | fgrep /tmp tmpfs on /tmp type tmpfs (rw,nosuid,relatime,size=3D20 > 97152k) tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=1048576,inode64) We may be shooting ourselves in the foot. There is a lot of stuff in ntp_sandbox. When we droproot, we retain privs for setting the clock. Is there a priv for accessing /tmp/? I just scanned the list in the capabilities(7) man page and didn't see anything but I could easily have missed something. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org https://lists.ntpsec.org/mailman/listinfo/devel