Re: [chrony-dev] shm permissions




On Mon, 25 Jan 2010, Bill Unruh wrote:

I am not sure that this is a good idea, since this would allow anyone to send
rogue data to the shm driver. It would be better to leave it at 0600 for the
chrony user ( or for root if you are using root), and let root change it if
the sysadmin wants to allow anyone to write to the shm, or at most make it a
configuration option.

It becomes a configuration option in the sense that segments 0 and 1 use permissions 0600 and only segments 2 and 3 use 0666, so the level of trust can then be selected that way.

It is not clear to me what the scenario is where someone
other than root should be able to send data to this driver.

My scenario is that I am a user on some systems where I will not get root permissions, so I cannot modify/restart/etc. the ntpd/chronyd process, which I do not need. But the sysadmins would entrust me to run e.g. gpsd to provide reference data. This is useful for the further testing of gpsd I am doing, and the need to modify/restart gpsd while doing that.

Cheers,
Håkan



On Mon, 25 Jan 2010, Håkan Johansson wrote:


Hi,

ntpd creates the shm refclock segments 2 and 3 with permissions 0666
(previously 0777), allowing also non-root users to provide synchronisation
data when these segments are set up.  The attached patch changes chrony to do
that too (currently 0700 for all segments).  It also changes the permissions
from 7 to 6, i.e. removing the useless execute-bits.

Cheers,
Håkan


--
William G. Unruh   |  Canadian Institute for|     Tel: +1(604)822-3273
Physics&Astronomy  |     Advanced Research  |     Fax: +1(604)822-5324
UBC, Vancouver,BC  |   Program in Cosmology |     unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1     |      and Gravity       |  www.theory.physics.ubc.ca/
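
An added example, not part of the original messages or of the patch under discussion: a small C audit tool that reports the owner and mode of the four SHM refclock segments and flags any that deviate from the 0600/0666 split described in the thread. It assumes the ntpd SHM key convention of 0x4e545030 plus the unit number; the helper names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/types.h>

#define NTPD_BASE 0x4e545030 /* assumed key convention: "NTP0" + unit */

/* Modes from the thread: units 0-1 owner-only, units 2-3 world-writable. */
static int thread_mode(int unit) { return unit < 2 ? 0600 : 0666; }

/* Who besides the owner may write: bit 0 = group, bit 1 = other. */
static int extra_writers(int mode) {
    return ((mode & 0020) ? 1 : 0) | ((mode & 0002) ? 2 : 0);
}

/* Execute bits mean nothing on a SysV segment (0700/0777 in the thread). */
static int has_exec_bits(int mode) { return (mode & 0111) != 0; }

/* Stat an existing segment without creating it.
 * Returns the permission bits, or -1 with errno set. */
static int segment_mode(int unit, uid_t *owner) {
    struct shmid_ds ds;
    int id = shmget((key_t)(NTPD_BASE + unit), 0, 0);
    if (id < 0 || shmctl(id, IPC_STAT, &ds) < 0)
        return -1;
    *owner = ds.shm_perm.uid;
    return ds.shm_perm.mode & 0777;
}

int main(void) {
    for (int unit = 0; unit < 4; unit++) {
        uid_t owner = 0;
        int mode = segment_mode(unit, &owner);
        if (mode < 0) { /* ENOENT: no segment; EACCES: exists, not readable */
            printf("unit %d: %s\n", unit, strerror(errno));
            continue;
        }
        printf("unit %d: mode %04o uid %ld%s%s%s\n", unit, mode, (long)owner,
               mode != thread_mode(unit) ? " [not the 0600/0666 split]" : "",
               (extra_writers(mode) & 2) ? " [any local user can feed samples]" : "",
               has_exec_bits(mode) ? " [useless execute bits]" : "");
    }
    return 0;
}
```

Run as an unprivileged user, a 0600 segment owned by another account shows up as a permission error rather than a mode, which is itself confirmation that other users cannot attach to it.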

