Hello Brian,

Wednesday, October 24, 2007, 3:28:36 PM, you wrote:

B> OpenNTPD runs as a 'daemon,' yes, but it does so using privilege
B> separation and other goodies. The network code runs as a normal user,
B> isolated from other users. This is superior to running rdate AS ROOT
B> from a cronjob. OpenNTPD does not open any TCP or UDP ports by default.
B> It is true that rdate has about 63% less lines of code than ntpd and is
B> older, and may have had more code audits performed; However, ntpd is new
B> code, written with security in mind, runs as a normal user (privilege
B> separated for the most part) and has superior time keeping ability.
B> Your advice about not running a daemon if it's possible to do the task
B> otherwise may be true with a (bloated) daemon such as ntp.org ntpd,
B> however, with OpenNTPD the tables are turned. It is far safer to run
B> the 'daemon' than to perform the task otherwise.
B> That being said, it is up to the individual users to decide what to do.
B> Hopefully this above explanation will help those who don't necessarily
B> understand the risks of running programs as root vice daemons which
B> execute code with proper separation of privileges.

Thank you very much for that (valuable) reply!

BTW, this is an argument for making an OpenNTPD ntpdate tool or adding one_time_synchronization functionality into ntpd. :)

--
Best regards,
Boris
mailto:[EMAIL PROTECTED]
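The privilege-separation pattern discussed in the quoted message, as an added sketch that is not part of the thread and is not OpenNTPD's code: an unprivileged child parses the untrusted reply, and the parent, the only process that would keep the right to set the clock, bounds the result before acting on it. The "TS" packet format, `MAX_STEP_MS`, `drop_uid` and the function names are assumptions made for illustration.

```c
#include <grp.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_STEP_MS 1000L  /* assumed policy: parent refuses larger corrections */

/* Unprivileged side: parse untrusted bytes. Constructed toy format:
 * "TS" followed by a 4-byte big-endian signed offset in milliseconds. */
static int parse_reply(const unsigned char *p, size_t n, int32_t *ms) {
    if (n != 6 || p[0] != 'T' || p[1] != 'S') return -1;
    *ms = (int32_t)((uint32_t)p[2] << 24 | (uint32_t)p[3] << 16 |
                    (uint32_t)p[4] << 8 | (uint32_t)p[5]);
    return 0;
}

/* Returns 0 and sets *out_ms when the child produced an acceptable offset,
 * -1 otherwise. drop_uid is the uid/gid the child switches to when started
 * as root; 0 skips the drop so the sketch also runs unprivileged. */
int privsep_offset(const unsigned char *pkt, size_t len, uid_t drop_uid,
                   long *out_ms) {
    int fd[2];
    if (pipe(fd) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                      /* child: network-facing parser */
        close(fd[0]);
        /* Give up root (groups first, then gid, then uid) before parsing. */
        if (geteuid() == 0 && drop_uid != 0 &&
            (setgroups(0, NULL) != 0 || setgid((gid_t)drop_uid) != 0 ||
             setuid(drop_uid) != 0))
            _exit(2);
        int32_t ms;
        if (parse_reply(pkt, len, &ms) != 0) _exit(1);
        _exit(write(fd[1], &ms, sizeof ms) == (ssize_t)sizeof ms ? 0 : 1);
    }
    close(fd[1]);                        /* parent: holds the clock privilege */
    int32_t ms = 0;
    ssize_t got = read(fd[0], &ms, sizeof ms);
    close(fd[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (got != (ssize_t)sizeof ms || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        return -1;
    /* Never trust the child: bound the value before acting on it. */
    if (ms > MAX_STEP_MS || ms < -MAX_STEP_MS) return -1;
    *out_ms = ms;                        /* a real daemon would adjtime() here */
    return 0;
}
```

A bug in `parse_reply` here is confined to a process with no rights over the clock, whereas the same parser inside a root cron job would run with full privileges.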