Yo Miroslav! On Tue, 8 Jul 2025 08:55:21 +0200 Miroslav Lichvar <[email protected]> wrote:
> On Mon, Jul 07, 2025 at 11:36:10AM -0700, Gary E. Miller wrote: > > Miroslav Lichvar <[email protected]> wrote: > > > A less-hacky way would be to let systemd create that socket and > > > pass it to ntpd-rs (indicated in the LISTEN_FDS variable). See > > > > Or, how about using the existing GPSD-JSON method. No changes > > need to gpsd, chronyd, systemdumb, ntpd, etc. Been in use for this > > task maybe a decade. Connecting to it in rust is almost trivial, > > and supports their silly idea of "security". > > The gpsd Unix domain socket is not accessible to ntpd-rs as it's not > supposed to be running/started under root (i.e. it already relies on > systemd to get the capabilities needed to adjust the clock and bind to > a privileged port). I did not mention the unix domain socket. But another reason not to like systemdumb. > ntpd-rs could connect to the TCP port 2947, but that has the same > security issue as SHM. That is what I was thinking of. But I can't imagine how they have remotely similar security issues. The SHM has traditional UGO permissions. 2947, has none. > It wouldn't really know if it is the system > gpsd, or something else that managed to grab the port before gpsd > could start, or when it was being restarted, and could possibly be > feeding the client bogus data. Yes, the arguments for the current approacehs. > I think the best solution would be to add support for dropping root > privileges to ntpd-rs, but I can see why some people want to avoid > that. We (gpsd) have no control over what ntpd-rs does. But I agree, they should start as root, then drop pviviledges. Sadly, they do not appear to be participating here. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 [email protected] Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can't measure it, you can't improve it." - Lord Kelvin
pgp5Z3TdpuXOt.pgp
Description: OpenPGP digital signature
