> On Mon, Feb 09, 2015 at 10:37:01PM -0600, Brent Cook wrote:
> > Since openntpd-portable allows configuring the privsep user, do a
> > couple of sanity checks at runtime to make sure the privsep user wasn't
> > configured as root.
> > 
> > This might be overkill.
> > 
> 
> I wouldn't like it if ntpd has anything special here.  If it is for
> portable, it should be in portable.  If it is useful for base, please
> do it for all of the daemons.  I actually think that it is overkill
> and is not needed in base.

It does feel excessive.  Packagers (like me, and portable, and further
downstreams) should configure right.  Then they test.  If they get it right,
these errors should never happen...

> > ---
> >  src/usr.sbin/ntpd/ntp.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> > 
> > diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
> > index 625364a..c8f095e 100644
> > --- a/src/usr.sbin/ntpd/ntp.c
> > +++ b/src/usr.sbin/ntpd/ntp.c
> > @@ -145,6 +145,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct 
> > ntpd_conf *nconf,
> >     conf = nconf;
> >     setup_listeners(se, conf, &listener_cnt);
> > 
> > +   if (pw->pw_uid == 0 || pw->pw_gid == 0)
> > +           fatal("privsep user cannot be root");
> > +
> > +   if (pw->pw_uid == geteuid() || pw->pw_gid == getegid())
> > +           fatal("privsep user cannot be the privileged user");
> > +
> >     if (setgroups(1, &pw->pw_gid) ||
> >         setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
> >         setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
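
Review bot: In the second added check, `pw->pw_gid == getegid()` is tested independently of the uid, so a privsep user with its own non-root uid that only shares a primary group with the invoking user is rejected with "privsep user cannot be the privileged user", which does not describe that case. When the daemon is started as root, geteuid() is 0 and the uid half of this check repeats `pw->pw_uid == 0` from the first check, so the two could be folded into one test, with the gid case given its own message. Both checks depend only on pw, so they could also run before setup_listeners(se, conf, &listener_cnt) rather than after it, letting a misconfigured privsep user fail before listener setup.
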
> > --
> > 1.9.1
> > 
> 
> -- 
> 
