Re: [chrony-dev] shm permissions



I am not sure that this is a good idea, since this would allow anyone to send
rogue data to the shm driver. It would be better to leave it at 0600 for the
chrony user (or for root if you are using root), and let root change it if
the sysadmin wants to allow anyone to write to the shm, or at most make it a
configuration option. It is not clear to me what the scenario is where someone
other than root should be able to send data to this driver.

On Mon, 25 Jan 2010, Håkan Johansson wrote:


Hi,

ntpd creates the shm refclock segments 2 and 3 with permissions 0666 (previously 0777), allowing also non-root users to provide synchronisation data when these segments are set up. The attached patch changes chrony to do that too (currently 0700 for all segments). It also changes the permissions from 7 to 6, i.e. removing the useless execute-bits.

Cheers,
Håkan


--
William G. Unruh   |  Canadian Institute for|     Tel: +1(604)822-3273
Physics&Astronomy  |     Advanced Research  |     Fax: +1(604)822-5324
UBC, Vancouver,BC  |   Program in Cosmology |     unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1     |      and Gravity       |  www.theory.physics.ubc.ca/
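
An added example, not part of the original thread and not chrony or ntpd code: a small audit that reports the owner and permission bits of the SHM refclock segments discussed above, so a sysadmin can see which ones any local user could write to. It assumes the ntpd SHM key convention (0x4e545030 plus the unit number) and units 0 to 3; the function and enum names are hypothetical.

```c
/* Added example: audit permissions of NTP SHM refclock segments.
 * Run as root or as the segment owner, since IPC_STAT needs read access. */
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#define NTP_SHM_KEY_BASE 0x4e545030 /* "NTP0"; SHM unit N uses key base + N */
#define UNITS_TO_CHECK 4            /* assumption: units 0-3, as in the thread */

enum verdict { OWNER_ONLY = 0, SHARED_ACCESS = 1, WORLD_WRITABLE = 2 };

/* Classify the low nine permission bits of a segment. */
enum verdict classify_mode(unsigned mode)
{
    if (mode & 0002)
        return WORLD_WRITABLE; /* any local user can feed time samples */
    if (mode & 0077)
        return SHARED_ACCESS;  /* group or other has some access */
    return OWNER_ONLY;         /* e.g. 0600 or 0700 */
}

/* Return the permission bits of segment shmid (and its owner), or -1 on error. */
int segment_mode(int shmid, uid_t *owner)
{
    struct shmid_ds ds;
    if (shmctl(shmid, IPC_STAT, &ds) == -1)
        return -1;
    *owner = ds.shm_perm.uid;
    return ds.shm_perm.mode & 0777;
}

int main(void)
{
    static const char *label[] = { "owner-only", "shared", "WORLD-WRITABLE" };
    for (int unit = 0; unit < UNITS_TO_CHECK; unit++) {
        uid_t owner = 0;
        int id = shmget(NTP_SHM_KEY_BASE + unit, 0, 0); /* look up, never create */
        int mode = (id == -1) ? -1 : segment_mode(id, &owner);
        if (mode == -1) {
            printf("unit %d: absent or unreadable\n", unit);
            continue;
        }
        printf("unit %d: uid=%u mode=%04o %s\n", unit, (unsigned)owner,
               (unsigned)mode, label[classify_mode((unsigned)mode)]);
    }
    return 0;
}
```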

