Yo David! On Thu, 10 Jul 2025 15:58:15 +0200 David Venhoek <[email protected]> wrote:
> My apologies for the delayed reaction, I was trying to take some time
> to write a well crafted response and then got taken off-guard by the
> rate of messages over the past days.
We are here to help.
> To me, the conclusion on the original question seems to be that
> neither direction is considered a good idea. I don't currently see a
> good other approach that involves gpsd directly, so I think that for
> me finishes the discussion here for now.
Which is why you asked us. And why we told you how to do what you want.
IMHO, the GPSD JSON approach should work for you.
> There is one thing around ntpd-rs that I would like to clarify. We
> chose the design direction where ntpd-rs runs as an unpriviliged
> user, with some limited set of additional os permissions
> (capabilities under linux, but freebsd has something somewhat
> similar).
Yes. Many people try to do that, they almost always realize what a bad
idea it is later. But, your gun, your foot.
> We chose to delegate the task of setting those limited
> permissions up to the system's init system. This approach has worked
> well for us so far, and we are not aware of it giving rise to
> vulnerabilities.
"Limited"? Not really.
George Orwell:
Who controls the past controls the future.
Who controls the present controls the past.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
[email protected] Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
pgplDcvSUsyov.pgp
Description: OpenPGP digital signature
