freebsd-dev

History

Ian Lepore 3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid. Code analysis and runtime analysis using truss(8) indicate that the only privileged operations performed by ntpd are adjusting system time, and (re-)binding to privileged UDP port 123. These changes add a new mac(4) policy module, mac_ntpd(4), which grants just those privileges to any process running with uid 123. This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes them the owner of the /var/db/ntp directory, so that it can be used as a location where the non-privileged daemon can write files such as the driftfile, and any optional logfile or stats files. Because there are so many ways to configure ntpd, the question of how to configure it to run without root privs can be a bit complex, so that will be addressed in a separate commit. These changes are just what's required to grant the limited subset of privs to ntpd, and the small change to ntpd to prevent it from exiting with an error if running as non-root. Differential Revision: https://reviews.freebsd.org/D16281		2018-07-19 23:55:29 +00:00
..
check_y2k.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
cmd_args.c	MFV ntp 4.2.8p2 (r281348)	2015-05-04 04:45:59 +00:00
complete.conf.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
declcond.h	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
invoke-ntp.conf.menu	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
invoke-ntp.conf.texi	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
invoke-ntp.keys.menu	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
invoke-ntp.keys.texi	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
invoke-ntpd.menu	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
invoke-ntpd.texi	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
jupiter.h
keyword-gen-utd	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
keyword-gen.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
Makefile.am	MFV r315791: ntp 4.2.8p10.	2017-03-23 22:06:06 +00:00
Makefile.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_config.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_control.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_crypto.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_filegen.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
ntp_io.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_keyword.h	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_leapsec.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_leapsec.h	MFV ntp-4.2.8p3 (r284990).	2015-07-05 15:42:16 +00:00
ntp_loopfilter.c	MFV r315791: ntp 4.2.8p10.	2017-03-23 22:06:06 +00:00
ntp_monitor.c	MFV ntp-4.2.8p4 (r289715)	2015-10-22 19:42:57 +00:00
ntp_parser.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_parser.h	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_peer.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_prio_q.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
ntp_proto.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_refclock.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_request.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_restrict.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_scanner.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp_scanner.h	MFV ntp-4.2.8p3 (r284990).	2015-07-05 15:42:16 +00:00
ntp_signd.c	MFV r293415:	2016-01-08 15:53:48 +00:00
ntp_timer.c	MFV r298691:	2016-04-27 07:46:38 +00:00
ntp_util.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.conf.5man	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.conf.5mdoc	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.conf.def	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.conf.html	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.conf.man.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.conf.mdoc.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.conf.texi	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
ntp.keys.5man	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.keys.5mdoc	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.keys.def	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.keys.html	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.keys.man.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.keys.mdoc.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntp.keys.texi	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
ntpd-opts.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntpd-opts.def	MFV ntp-4.2.8p4 (r289715)	2015-10-22 19:42:57 +00:00
ntpd-opts.h	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntpd.1ntpdman	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntpd.1ntpdmdoc	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntpd.c	Make it possible to run ntpd as a non-root user, add ntpd uid and gid.	2018-07-19 23:55:29 +00:00
ntpd.html	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntpd.man.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntpd.mdoc.in	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ntpd.texi	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
ntpdbase-opts.def	MFV ntp 4.2.8p2 (r281348)	2015-05-04 04:45:59 +00:00
ntpsim.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
ppsapi_timepps.h
rc_cmdlength.c	MFV ntp-4.2.8p4 (r289715)	2015-10-22 19:42:57 +00:00
refclock_acts.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_arbiter.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_arc.c	MFV ntp-4.2.8p4 (r289715)	2015-10-22 19:42:57 +00:00
refclock_as2201.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_atom.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_bancomm.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_chronolog.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_chu.c	MFV r294491: ntp 4.2.8p6.	2016-01-22 07:32:39 +00:00
refclock_conf.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_datum.c	MFV r315791: ntp 4.2.8p10.	2017-03-23 22:06:06 +00:00
refclock_dumbclock.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_fg.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_gpsdjson.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
refclock_gpsvme.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_heath.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_hopfpci.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_hopfser.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_hpgps.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_irig.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_jjy.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
refclock_jupiter.c	MFV r308954:	2016-11-22 08:27:49 +00:00
refclock_leitch.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_local.c	MFV r293415:	2016-01-08 15:53:48 +00:00
refclock_msfees.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_mx4200.c	MFV r315791: ntp 4.2.8p10.	2017-03-23 22:06:06 +00:00
refclock_neoclock4x.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_nmea.c	MFV r315791: ntp 4.2.8p10.	2017-03-23 22:06:06 +00:00
refclock_oncore.c	MFV r315791: ntp 4.2.8p10.	2017-03-23 22:06:06 +00:00
refclock_palisade.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
refclock_palisade.h	MFV ntp 4.2.8p2 (r281348)	2015-05-04 04:45:59 +00:00
refclock_parse.c	MFV r330102: ntp 4.2.8p11	2018-02-28 07:59:55 +00:00
refclock_pcf.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_pst.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_ripencc.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_shm.c	MFV r294491: ntp 4.2.8p6.	2016-01-22 07:32:39 +00:00
refclock_tpro.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_true.c	MFV r293415:	2016-01-08 15:53:48 +00:00
refclock_tsyncpci.c	MFV r293415:	2016-01-08 15:53:48 +00:00
refclock_tt560.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_ulink.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_wwv.c	MFV ntp-4.2.8p4 (r289715)	2015-10-22 19:42:57 +00:00
refclock_wwvb.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00
refclock_zyfer.c	MFV ntp 4.2.8p1 (r258945, r275970, r276091, r276092, r276093, r278284)	2015-03-30 13:30:15 +00:00