On 23/09/15 07:13, Bastian Bittorf wrote: > * Yousong Zhou <yszhou4t...@gmail.com> [23.09.2015 07:58]: >> In theory, a security sensitive mechanism's dependence on a >> non-reliable timestamp file with access permission nobody:nogroup >> makes little sense to me. How about that we do --dnssec-no-timecheck >> on dnsmasq startup time and notify it of the system time change from >> ntpd hotplug script? > this sounds good to me, but will be another patch. > > should we drop this patch completely or does it still > make sense to deny reading '/etc/dnsmasq.time'? In my humble opinion the startup efficiency improvements alone are worth having and in the short term at least, dnsmasq should not be being fed with its own timestamp.
There will be another email in reply to the other issues. Cheers, Kevin
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
