On Mon, Jul 07, 2025 at 11:36:10AM -0700, Gary E. Miller wrote: > Miroslav Lichvar <[email protected]> wrote: > > A less-hacky way would be to let systemd create that socket and pass > > it to ntpd-rs (indicated in the LISTEN_FDS variable). See > > Or, how about using the existing GPSD-JSON method. No changes > need to gpsd, chronyd, systemdumb, ntpd, etc. Been in use for this > task maybe a decade. Connecting to it in rust is almost trivial, and > supports their silly idea of "security".
The gpsd Unix domain socket is not accessible to ntpd-rs as it's not supposed to be running/started under root (i.e. it already relies on systemd to get the capabilities needed to adjust the clock and bind to a privileged port). ntpd-rs could connect to the TCP port 2947, but that has the same security issue as SHM. It wouldn't really know if it is the system gpsd, or something else that managed to grab the port before gpsd could start, or when it was being restarted, and could possibly be feeding the client bogus data. I think the best solution would be to add support for dropping root privileges to ntpd-rs, but I can see why some people want to avoid that. -- Miroslav Lichvar
