From: Brent Cook <[email protected]>

Maybe these two checks are redundant. OpenNTPD-portable lets one configure
the built-in privilege separation username. Thus, you can potentially
configure that user to be root as well.
---
 src/usr.sbin/ntpd/ntp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
index c2d1fd2..86f58b8 100644
--- a/src/usr.sbin/ntpd/ntp.c
+++ b/src/usr.sbin/ntpd/ntp.c
@@ -147,6 +147,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf 
*nconf,
        conf = nconf;
        setup_listeners(se, conf, &listener_cnt);
 
+       if (pw->pw_uid == 0 || pw->pw_gid == 0)
+               fatal("privsep user cannot be root");
+
+       if (pw->pw_uid == geteuid() || pw->pw_gid == getegid())
+               fatal("privsep user cannot be the privileged user");
+
        if (setgroups(1, &pw->pw_gid) ||
            setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
            setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
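Review bot: the two added checks overlap whenever this process runs with euid 0 and egid 0, because pw->pw_uid == geteuid() then reduces to the pw->pw_uid == 0 test above it, as the commit message suspects. If the second check is there to cover a start under a non-root effective uid, a one-line comment saying so would make the intent clear; otherwise one of the two can go. Separately, both conditions also match on the gid alone, so a dedicated uid whose primary group is 0 is rejected with "privsep user cannot be root", which names the user rather than the group. A message that mentions the group, or a separate gid test, would make that failure easier to diagnose from the log.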
-- 
1.9.1
