* Yousong Zhou <yszhou4t...@gmail.com> [23.09.2015 07:58]: > In theory, a security sensitive mechanism's dependence on a > non-reliable timestamp file with access permission nobody:nogroup > makes little sense to me. How about that we do --dnssec-no-timecheck > on dnsmasq startup time and notify it of the system time change from > ntpd hotplug script?
this sounds good to me, but will be another patch. should we drop this patch completely or does it still make sense to deny reading '/etc/dnsmasq.time'? and: of which hotplug script you are talking about? find /etc/hotplug.d -name '*ntp*' = empty > Another idea would be to delegate timestamp update task to a specific > service program like ntpd or procd and later on system startup we set > system time from the specific file. unsure if this is overkill, just for 1 service. thanks for feedback - bye, bastian _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel