From 38bb78974653ef6e791f986cab561c3194f84297 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Thu, 1 Jan 2015 13:26:29 -0600
Subject: [PATCH 02/13] do not allow privsep user to be a privileged user

This may need to be a function call for different platforms with
different capability / privilege mechanisms.
---
 src/usr.sbin/ntpd/ntp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
index 625364a..c8f095e 100644
--- a/src/usr.sbin/ntpd/ntp.c
+++ b/src/usr.sbin/ntpd/ntp.c
@@ -145,6 +145,12 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
 	conf = nconf;
 	setup_listeners(se, conf, &listener_cnt);
 
+	if (pw->pw_uid == 0 || pw->pw_gid == 0)
+		fatal("privsep user cannot be root");
+
+	if (pw->pw_uid == geteuid() || pw->pw_gid == getegid())
+		fatal("privsep user cannot be the privileged user");
+
 	if (setgroups(1, &pw->pw_gid) ||
 	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
-- 
1.9.1