On Tue, 15 Aug 2017, Rob Noll wrote:

> This setup is located in my pickup and as such does not always have internet
> access.  The Raspberry Pi does not have a real clock, and therefore if it is
> started without internet access, the date and time are incorrect.  This
> results in an invalid timestamp on my packets, which results in them not
> showing on aprs.fi.
>
> It appears I can attempt to solve this in a number of different ways - set
> the SUID bit on the Xastir binary so Xastir can set the system time; set up
> GPS software that will masquerade as an NTP server allowing the Pi to set
> the clock from the GPS itself; run a batch script at startup to manually
> read the GPS and set the system time; configure Xastir to use the "fixed
> station" option so it does not send a time stamp; figure out which command
> Xastir uses to set the time and configure the Pi to allow any user to use
> that command.

Speaking as one of the ones that massaged the code to make SUID safer in 
Xastir, I'd say you're pretty safe using that. Yes, it does allow Xastir to do 
things as root, but Xastir will drop to normal user privileges most of the time 
and then just go to root privileges for a short time to access ports or to do a 
few special commands.

Also: If you aren't giving wifi access to your Rpi while you're driving around, 
there's no way for someone to hack in to mess with things, and they can't try 
to take advantage of SUID root programs that way.

Now if you're driving around with an open Wifi allowing people to connect, you 
might want to shut that down.

Xastir does a significant time jump using this technique. May cause havoc with 
other things, may not.

Another option is to run gpsd on the box, connect Xastir to gpsd, and see about 
running ntp against gpsd. With this scheme you'll get slow transitions in time 
to keep things in sync. You may have to play with it a bit to make sure it can 
do faster transitions towards the current time if you're using it mobile: The 
transitioning might not be fast enough for you. Note: I haven't done this 
method so there may be some gotchas in it, but it's worth considering. It 
allows sharing the GPS with as many devices as want to use it.


> At the moment, my solution is to set the SUID bit on the Xastir binary.
> This is allowing Xastir to set the system time and seems to solve my
> problem.  However, I'm unclear as to whether this is an excessive security
> risk and/or a bad method of doing things.  One Xastir page mentions that
> this method is necessary to use an AX.25 server, but another page mentions
> in capital letters not to run Xastir as root.  I do not know if setting the
> SUID bit is the same as running it as root but it seems like it would be.

It's not the same as running it as root. When you run Xastir as root it is 
always running as root, every file it creates ends up owned as root. It's a bad 
idea.

Running SUID root allows Xastir to run as a normal user most of the time, and 
only revert to root for fractions of a second when truly necessary.

--
Curt, WE7U.        http://we7u.wetnet.net
"Debating an anti-gunner is like debating an arachnophobe about the importance of 
spiders in the ecosystem." -Stephen Wright
_______________________________________________
Xastir mailing list
[email protected]
http://xastir.org/mailman/listinfo/xastir
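
Added illustration of the SUID behaviour described in the reply above: run as the normal user and switch to root only around one privileged call, such as setting the clock. This is not Xastir's code and not part of the original message; the function names and the sample timestamp are made up for the example, and it assumes a Linux/glibc system with the binary installed SUID root.

```c
/* Added illustration, not Xastir's code; every function name is hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes seteuid() and settimeofday() on glibc */
#endif
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t priv_euid;            /* euid at startup: 0 when installed SUID root */

/* Call first in main(): remember the privileged euid, then run as the invoking
   user. The saved set-user-ID keeps root reachable for privs_run(). */
int privs_drop_at_start(void)
{
    priv_euid = geteuid();
    return (seteuid(getuid()) == 0 && geteuid() == getuid()) ? 0 : -1;
}

/* Run one short operation with the privileged euid, then drop again.
   Returns op's result, or -1 if either uid switch failed. */
int privs_run(int (*op)(void *), void *arg)
{
    if (seteuid(priv_euid) != 0)
        return -1;
    int rc = op(arg);
    if (seteuid(getuid()) != 0 || geteuid() != getuid())
        return -1;                 /* caller should exit, not continue as root */
    return rc;
}

/* Privileged step: step the system clock to the time passed in arg. */
int set_clock(void *arg)
{
    struct timeval tv = { .tv_sec = *(time_t *)arg, .tv_usec = 0 };
    return settimeofday(&tv, NULL);
}

/* Harmless op for checking the bracket: records the euid it ran under. */
int probe_euid(void *arg) { *(uid_t *)arg = geteuid(); return 0; }

int main(void)
{
    time_t gps_time = 1502755200;  /* constructed sample: 2017-08-15 00:00:00 UTC */
    if (privs_drop_at_start() != 0)
        return 1;
    /* ... normal work runs here as the unprivileged user ... */
    return privs_run(set_clock, &gps_time) == 0 ? 0 : 2;
}
```

Files created outside privs_run() are owned by the invoking user, which is the difference from running the whole program as root.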
