From 48ecc0761d25153c21662845e3eaacf44c33538f Mon Sep 17 00:00:00 2001
From: deraadt <>
Date: Fri, 31 Aug 2018 18:45:02 +0000
Subject: [PATCH] the main process must chdir to /, since it cannot have
 daemon() do the job at startup.  After much anguish I accept dlg's solution
 of chdir for the problem ("starting ntpd on a filesystem I want to unmount"),
 but we cannot change the main-process daemon() call.  Why?  Because the ntpd
 privsep design predates more modern designs where the config file is parsed
 once, and configuration marshalled to the fork+exec children.  Instead each
 ntpd process re-parses the config, and if we chdir before fork+exec startup,
 it will move the basedir causing -f "relativepath" to fail.

discussed with florian
---
 src/usr.sbin/ntpd/ntpd.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/usr.sbin/ntpd/ntpd.c b/src/usr.sbin/ntpd/ntpd.c
index cb6bc137..c646ec37 100644
--- a/src/usr.sbin/ntpd/ntpd.c
+++ b/src/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntpd.c,v 1.116 2018/08/08 22:56:42 deraadt Exp $ */
+/*	$OpenBSD: ntpd.c,v 1.117 2018/08/31 18:45:02 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -220,6 +220,9 @@ main(int argc, char *argv[])
 	    pipe_chld) == -1)
 		fatal("socketpair");
 
+	if (chdir("/") == -1)
+		fatal("chdir(\"/\")");
+
 	signal(SIGCHLD, sighdlr);
 
 	/* fork child process */