d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3496c981ac
freebsd-dev/contrib
History
Ian Lepore 3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
..
amd Fix amq -i timestamp segmentation violation. 2018-06-19 01:33:03 +00:00
apr
apr-util
atf
binutils Add deprecation notice to objdump man page 2018-06-15 17:03:49 +00:00
blacklist Revert 335888 ("Ensure va_list is declared by including stdarg.h.") 2018-07-03 15:48:34 +00:00
bmake Merge bmake-20180512 2018-05-19 00:26:00 +00:00
bsnmp Update bsnmp to version 1.13. This does not bring user-visible changes. 2018-07-03 08:44:40 +00:00
byacc
bzip2
com_err
compiler-rt Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to 2018-06-29 17:51:35 +00:00
cortex-strings Work around a bug in QEMU when loading data with a load pair instruction 2017-08-26 15:08:27 +00:00
dialog
diff
dma Convert cap_enter() < 0 && errno != ENOSYS to caph_enter() < 0. 2018-06-19 23:43:14 +00:00
dtc
ee
elftoolchain Pass the right sizes to malloc() and realloc(). 2018-07-12 18:48:53 +00:00
expat
file Fix file(1) dumpdate reporting for dump(8) files 2018-06-26 18:53:52 +00:00
flex
gcc Fix GCC 4.2.1 to honor --sysroot for includes. 2018-06-27 18:14:33 +00:00
gcclibs
gdb Commit forgotten change in gdb allowing to use libedit 2018-02-06 12:17:03 +00:00
gdtoa
gperf
hyperv/tools hyperv: Add VF bringup scripts and devd rules. 2017-07-31 07:18:15 +00:00
ipfilter loadpoolfile() implements a -R (NORESOLVE) option which is not listed 2017-08-05 06:46:06 +00:00
jemalloc Update jemalloc to version 5.1.0. 2018-05-11 00:32:31 +00:00
ldns Upgrade LDNS to 1.7.0. 2018-05-12 12:00:18 +00:00
ldns-host
less MFV r329552: less v530. 2018-02-19 05:10:22 +00:00
libarchive MFV r328323,328324: 2018-01-24 14:24:17 +00:00
libbegemot Update bsnmp to version 1.13. This does not bring user-visible changes. 2018-07-03 08:44:40 +00:00
libc-pwcache
libc-vis Update vis(3) the latest from NetBSD. 2017-11-28 01:35:28 +00:00
libc++ Upgrade our copies of clang, llvm, lld, lldb, compiler-rt and libc++ to 2018-06-29 17:51:35 +00:00
libcxxrt
libdivsufsort
libexecinfo
libgnuregex
libpcap Re-apply r190640. 2018-05-31 09:11:21 +00:00
libstdc++
libucl
libxo Import libxo-0.9.0: 2018-05-23 01:20:31 +00:00
llvm Pull in r336008 from upstream clang trunk: 2018-07-12 19:02:59 +00:00
lua When the LUA_FLOAT_TYPE != LUA_FLOAT_INT64, we can't reference float 2018-02-23 04:04:18 +00:00
mdocml mdoc(7): Update .Dd for previous commit 2017-12-05 23:06:15 +00:00
mknod
mtree
ncurses
netbsd-tests Stop writing past the end of the buffer in the msgget_limit test. The value 2018-07-19 17:13:46 +00:00
netcat
ngatm
ntp Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
nvi
ofed Use unspecified address family when connecting as a client in 2018-07-18 10:23:30 +00:00
one-true-awk Don't display empty error context. 2017-09-24 05:04:06 +00:00
openbsm auditd(8): register signal handlers interrutibly 2018-07-03 17:37:16 +00:00
opencsd/decoder Import OpenCSD -- an ARM CoreSight(tm) Trace Decode Library. 2018-04-04 12:55:31 +00:00
openpam
openresolv
opie Revert r328492: 2018-01-28 03:16:54 +00:00
pam_modules/pam_passwdqc
pf Re-apply r190640. 2018-05-31 09:11:21 +00:00
pjdfstest
pnpinfo
processor-trace Import Intel Processor Trace decoder library from 2018-03-19 18:59:15 +00:00
sendmail Don't declare union semun in userspace unless _WANT_SEMUN is defined. 2018-03-02 22:32:53 +00:00
serf
smbfs Fix a stack overflow in mount_smbfs when hostname is too long. 2018-06-25 16:42:49 +00:00
sqlite3 Update private sqlite from sqlite3-3.20.0 to sqlite3-3.23.1 2018-05-08 04:51:15 +00:00
subversion Update svn-1.9.7 to 1.10.0. 2018-05-08 04:52:52 +00:00
tcp_wrappers
tcpdump MFV r333668: 2018-05-29 10:29:04 +00:00
tcsh
telnet telnetd(8): Fix dereference of uninitialized value 'IF' 2018-03-16 20:59:56 +00:00
tnftp ftp(1): Use closefrom() instead of individual close()s. 2018-01-29 01:05:57 +00:00
traceroute When using SCTP for sending probe packets, use INIT chunks for payloads 2018-01-27 19:23:42 +00:00
tzcode
tzdata Import tzdata 2018e 2018-05-04 10:17:27 +00:00
unbound Rename all Unbound binaries and man pages from unbound* to local-unbound*. 2018-05-12 17:10:36 +00:00
unvis
vis
wpa MFV r336490: 2018-07-19 20:10:34 +00:00
xz MFV r333779: xz 5.2.4. 2018-05-18 06:10:16 +00:00
zlib MFV: r323381 2017-09-10 01:25:15 +00:00