Re: [chrony-dev] [GIT] chrony/chrony.git annotated tag 3.5.1 created. 3.5.1

[Vincent Blut <vincent.debian@xxxxxxx>]

On 2020-08-26T15:30+0200, Miroslav Lichvar wrote:
> On Wed, Aug 26, 2020 at 03:15:48PM +0200, Vincent Blut wrote:
> > Miroslav, Matthias, thanks a lot for working on this.
> > I backported this patch to chrony 3.0 for our previous stable release
> > (Debian 9). Would someone please check that everything is ok?
>
> The diff between the original patch and yours looks ok to me.
>
> Why do you need it? IIRC the Debian chrony package moved the pidfile
> to /var/run/chrony only very recently and the default in versions
> before 3.4 was in /var/run, where only root can write and where this
> is not a security issue.

True! But some admins/users may have overridden the default PID file 
location where the _chrony system user have write access. If so, let’s 
protect them from this vulnerability.

Attachment: signature.asc
Description: PGP signature