Re: [chrony-dev] shm permissions

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]


On Mon, Jan 25, 2010 at 09:48:57PM +0100, Håkan Johansson wrote:
> On Mon, 25 Jan 2010, Bill Unruh wrote:
> >I am not sure that this is a good idea, since this would allow anyone to send
> >rogue data to the shm driver. It would be better to leave it at 0600 for the
> >chrony user ( or for root if you are using root), and let root change it if
> >the sysadmin wants to allow anyone to write to the shm, or at most make it a
> >configuration option.
> 
> It becomes a configuarion option in the sense that segments 0 and 1
> use permissions 0600 and only segments 2 and 3 use 0666, so the
> level of trust can then be selected that way.

I agree with Bill. This seems dangerous.

> >It is not clear to me what the scenario is where someone
> >other than root should be able to send data to this driver.
> 
> My scenario is that I am user on some systems where I will not get
> root permissions, so I cannot modify/restart/etc the ntpd/chronyd
> process, which I do not need.  But the sysadmins would entrust me to
> run e.g. gpsd to provide reference data.  This is useful for the
> further testing of gpsd I am doing, and the need to modify/restart
> gpsd doing that.

If the sysadmins are willing to configure ntpd/chronyd to use SHM, I
think you can ask them to create the segment before starting the
service with any permissions you want, e.g. 600 with your user as the
owner.

-- 
Miroslav Lichvar

---
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.


Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/