@ -1,7 +1,7 @@ | |||||
From be2634a7df434a90896a8678da308734943f69bb Mon Sep 17 00:00:00 2001 | |||||
From c1965168591c557f8eca31399553c0988cffb18f Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Tue, 30 Dec 2014 09:10:22 -0600 | Date: Tue, 30 Dec 2014 09:10:22 -0600 | ||||
Subject: [PATCH 03/13] Handle IPv6 DNS records on IPv4 networks more liberally | |||||
Subject: [PATCH 01/11] Handle IPv6 DNS records on IPv4 networks more liberally | |||||
Rather than fail on IPv4 only networks when seeing an IPv6 DNS record, | Rather than fail on IPv4 only networks when seeing an IPv6 DNS record, | ||||
just give a warning. | just give a warning. |
@ -1,36 +0,0 @@ | |||||
From c214bf6eca6de29239d00b4a9ce6528f82b25bec Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Thu, 1 Jan 2015 13:06:38 -0600 | |||||
Subject: [PATCH 01/13] be more verbose when logging privsep errors | |||||
Make it easy for a sysadmin to diagnose a privilege separation path | |||||
problem without looking at the source code. | |||||
--- | |||||
src/usr.sbin/ntpd/ntp.c | 11 +++++++---- | |||||
1 file changed, 7 insertions(+), 4 deletions(-) | |||||
diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c | |||||
index 87b769b..625364a 100644 | |||||
--- a/src/usr.sbin/ntpd/ntp.c | |||||
+++ b/src/usr.sbin/ntpd/ntp.c | |||||
@@ -121,10 +121,13 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf, | |||||
ntp_dns(pipe_dns, nconf, pw); | |||||
close(pipe_dns[1]); | |||||
- if (stat(pw->pw_dir, &stb) == -1) | |||||
- fatal("stat"); | |||||
- if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) | |||||
- fatalx("bad privsep dir permissions"); | |||||
+ if (stat(pw->pw_dir, &stb) == -1) { | |||||
+ fatal("privsep dir %s could not be opened", pw->pw_dir); | |||||
+ } | |||||
+ if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { | |||||
+ fatalx("bad privsep dir %s permissions: %o", | |||||
+ pw->pw_dir, stb.st_mode); | |||||
+ } | |||||
if (chroot(pw->pw_dir) == -1) | |||||
fatal("chroot"); | |||||
if (chdir("/") == -1) | |||||
-- | |||||
1.9.1 | |||||
@ -1,31 +0,0 @@ | |||||
From 38bb78974653ef6e791f986cab561c3194f84297 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | |||||
Date: Thu, 1 Jan 2015 13:26:29 -0600 | |||||
Subject: [PATCH 02/13] do not allow privsep user to be a privileged user | |||||
This may need to be a function call for different platforms with | |||||
different capability / privilege mechanisms. | |||||
--- | |||||
src/usr.sbin/ntpd/ntp.c | 6 ++++++ | |||||
1 file changed, 6 insertions(+) | |||||
diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c | |||||
index 625364a..c8f095e 100644 | |||||
--- a/src/usr.sbin/ntpd/ntp.c | |||||
+++ b/src/usr.sbin/ntpd/ntp.c | |||||
@@ -145,6 +145,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf, | |||||
conf = nconf; | |||||
setup_listeners(se, conf, &listener_cnt); | |||||
+ if (pw->pw_uid == 0 || pw->pw_gid == 0) | |||||
+ fatal("privsep user cannot be root"); | |||||
+ | |||||
+ if (pw->pw_uid == geteuid() || pw->pw_gid == getegid()) | |||||
+ fatal("privsep user cannot be the privileged user"); | |||||
+ | |||||
if (setgroups(1, &pw->pw_gid) || | |||||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || | |||||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) | |||||
-- | |||||
1.9.1 | |||||
@ -1,7 +1,7 @@ | |||||
From 125039fad99de2ad2ac0c0738c692dae14c48bfb Mon Sep 17 00:00:00 2001 | |||||
From 5ff8767d8c59f65d4e2706cdb2a241e031f204f5 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Mon, 12 Jan 2015 21:16:54 -0600 | Date: Mon, 12 Jan 2015 21:16:54 -0600 | ||||
Subject: [PATCH 05/13] Use LOG_NTP syslog facility if it is available | |||||
Subject: [PATCH 03/11] Use LOG_NTP syslog facility if it is available | |||||
FreeBSD PR: 114191 | FreeBSD PR: 114191 | ||||
Submitted by: Robert Archer <freebsd@deathbeforedecaf.net> | Submitted by: Robert Archer <freebsd@deathbeforedecaf.net> |
@ -1,7 +1,7 @@ | |||||
From c8bac970282975fd81542dcf5173e5ffdad545c3 Mon Sep 17 00:00:00 2001 | |||||
From b911b4bf173e66a3d8c4a1323e89343d2957eb61 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Tue, 30 Dec 2014 09:05:46 -0600 | Date: Tue, 30 Dec 2014 09:05:46 -0600 | ||||
Subject: [PATCH 07/13] check if rdomain support is available. | |||||
Subject: [PATCH 05/11] check if rdomain support is available. | |||||
Handle FreeBSD's calling rdomain 'FIB'. | Handle FreeBSD's calling rdomain 'FIB'. | ||||
- from naddy@openbsd.org | - from naddy@openbsd.org |
@ -1,7 +1,7 @@ | |||||
From 9a2a22b3714bdb398f9b03a64d91aecbdd9b5fc0 Mon Sep 17 00:00:00 2001 | |||||
From f6ca535f9c7d8094633465d44d974495a0d3a5c6 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Tue, 30 Dec 2014 09:20:03 -0600 | Date: Tue, 30 Dec 2014 09:20:03 -0600 | ||||
Subject: [PATCH 08/13] update ntpd.conf to indicate OS-dependent options | |||||
Subject: [PATCH 06/11] update ntpd.conf to indicate OS-dependent options | |||||
Also, clarify listening behavior based on a patch from | Also, clarify listening behavior based on a patch from | ||||
Dererk <dererk@debian.org> | Dererk <dererk@debian.org> |
@ -1,7 +1,7 @@ | |||||
From 2e60189298e177d811c4574bf07b4721361d306b Mon Sep 17 00:00:00 2001 | |||||
From 8cfcaaf084e9969730f3291733430098de80c3ec Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Thu, 1 Jan 2015 07:18:11 -0600 | Date: Thu, 1 Jan 2015 07:18:11 -0600 | ||||
Subject: [PATCH 09/13] allow overriding default user and file locations | |||||
Subject: [PATCH 07/11] allow overriding default user and file locations | |||||
Allow the build process to override the default ntpd file paths and | Allow the build process to override the default ntpd file paths and | ||||
default user. | default user. |
@ -1,7 +1,7 @@ | |||||
From ff82cc8278eafc04ee00f1e847c7424d857b2907 Mon Sep 17 00:00:00 2001 | |||||
From f284fcbe288ed0a227a44cdd715b1c5668d4b112 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Wed, 31 Dec 2014 08:26:41 -0600 | Date: Wed, 31 Dec 2014 08:26:41 -0600 | ||||
Subject: [PATCH 10/13] add -p option to create a pid file | |||||
Subject: [PATCH 08/11] add -p option to create a pid file | |||||
This is used in both the Gentoo and Debian ports. | This is used in both the Gentoo and Debian ports. | ||||
@ -1,7 +1,7 @@ | |||||
From 026e34d46265334276120711dc80f42ea20c3b82 Mon Sep 17 00:00:00 2001 | |||||
From 3208d0b0529a09765c0674cbc4c57ab26ab30fc9 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Mon, 12 Jan 2015 06:18:31 -0600 | Date: Mon, 12 Jan 2015 06:18:31 -0600 | ||||
Subject: [PATCH 11/13] initialize setproctitle where needed | |||||
Subject: [PATCH 09/11] initialize setproctitle where needed | |||||
We need to save a copy of argv and __progname to avoid setproctitle | We need to save a copy of argv and __progname to avoid setproctitle | ||||
clobbering them. | clobbering them. |
@ -1,7 +1,7 @@ | |||||
From 0763f9baeb5f915dce6da779cc57a6e374f92cf7 Mon Sep 17 00:00:00 2001 | |||||
From 51d62c2c4c019ee1e5db2fef7a53df602b76d646 Mon Sep 17 00:00:00 2001 | |||||
From: Brent Cook <busterb@gmail.com> | From: Brent Cook <busterb@gmail.com> | ||||
Date: Mon, 12 Jan 2015 21:17:35 -0600 | Date: Mon, 12 Jan 2015 21:17:35 -0600 | ||||
Subject: [PATCH 12/13] document SIGUSR1 fallback if SIGINFO is not | |||||
Subject: [PATCH 10/11] document SIGUSR1 fallback if SIGINFO is not | |||||
implemented. | implemented. | ||||
--- | --- |