On Mon, Feb 09, 2015 at 10:37:01PM -0600, Brent Cook wrote:
> Since openntpd-portable allows configuring the privsep user, do a
> couple of sanity checks at runtime to make sure the privsep user wasn't
> configured as root.
> 
> This might be overkill.
> 

I wouldn't like it if ntpd had anything special here.  If it is for
portable, it should be in portable.  If it is useful for base, please
do it for all of the daemons.  I actually think that it is overkill
and is not needed in base.

Reyk

> ---
>  src/usr.sbin/ntpd/ntp.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
> index 625364a..c8f095e 100644
> --- a/src/usr.sbin/ntpd/ntp.c
> +++ b/src/usr.sbin/ntpd/ntp.c
> @@ -145,6 +145,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf 
> *nconf,
>       conf = nconf;
>       setup_listeners(se, conf, &listener_cnt);
> 
> +     if (pw->pw_uid == 0 || pw->pw_gid == 0)
> +             fatal("privsep user cannot be root");
> +
> +     if (pw->pw_uid == geteuid() || pw->pw_gid == getegid())
> +             fatal("privsep user cannot be the privileged user");
> +
>       if (setgroups(1, &pw->pw_gid) ||
>           setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
>           setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
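
Review bot: In the first added check, pw->pw_gid == 0 triggers the message "privsep user cannot be root" even when only the group is 0 and the uid is unprivileged, so the log line does not tell the admin which field of the privsep account to fix; split the uid and gid tests or name the failing field in the message. The second check has the same issue with getegid(). When the process runs with an effective uid of 0, the uid half of the second check already covers the uid half of the first, so a short comment explaining which case each check is meant to catch would help. Both checks only read pw and sit after setup_listeners(se, conf, &listener_cnt); consider moving them ahead of that call so a misconfigured privsep user is rejected before the listeners are set up.
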
> --
> 1.9.1
> 
