On 2020-05-12T09:05+0200, Miroslav Lichvar wrote:
On Mon, May 11, 2020 at 07:05:21PM +0200, Vincent Blut wrote:From a quick glance, the rest seems to make sense.There is an issue with the Unix domain socket that I missed before. It would need to be bound and have the owner changed before dropping the root privileges to have the root:chrony owner and avoid the DAC override for chronyc running under root.
Indeed, good catch!
signature.asc
Description: PGP signature