Re: [chrony-dev] [GIT] chrony/chrony.git annotated tag 3.5.1 created. 3.5.1
On 2020-08-26T15:30+0200, Miroslav Lichvar wrote:
> On Wed, Aug 26, 2020 at 03:15:48PM +0200, Vincent Blut wrote:
> > Miroslav, Matthias, thanks a lot for working on this. I backported this patch to chrony 3.0 for our previous stable release (Debian 9). Would someone please check that everything is ok?
>
> The diff between the original patch and yours looks ok to me. Why do you need it? IIRC the Debian chrony package moved the pidfile to /var/run/chrony only very recently and the default in versions before 3.4 was in /var/run, where only root can write and where this is not a security issue.

True! But some admins/users may have overridden the default PID file location where the _chrony system user has write access. If so, let’s protect them from this vulnerability.
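
An added example, not part of the original thread or of chrony's code: a small audit for the case raised in the reply above, reporting when the directory that holds the configured PID file can be written by an account other than root. The fallback PID file path, the Debian configuration path and the sample configuration are assumptions made for the example.

```python
import os
import stat
import sys

# Assumption: fallback used when chrony.conf has no pidfile directive.
# The real default depends on the chrony version and the distribution build.
DEFAULT_PIDFILE = "/var/run/chronyd.pid"

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
# pidfile /var/run/chronyd.pid
pool 2.debian.pool.ntp.org iburst
pidfile /run/chrony/chronyd.pid
"""

def pidfile_from_conf(text, default=DEFAULT_PIDFILE):
    """Return the last pidfile path set in chrony.conf text (included files are not followed)."""
    path = default
    for line in text.splitlines():
        fields = line.split()
        # Commented-out lines start with a comment token, so fields[0] never matches.
        if len(fields) >= 2 and fields[0].lower() == "pidfile":
            path = fields[1]
    return path

def dir_findings(uid, mode):
    """List the reasons a directory with this owner uid and st_mode needs review."""
    findings = []
    if uid != 0:
        findings.append("owned by uid %d instead of root" % uid)
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    return findings

def audit(conf_path):
    """Return (pidfile, findings) for the directory that holds the configured pidfile."""
    with open(conf_path) as fh:
        pidfile = pidfile_from_conf(fh.read())
    st = os.stat(os.path.dirname(pidfile))  # follows symlinks such as /var/run -> /run
    return pidfile, dir_findings(st.st_uid, st.st_mode)

if __name__ == "__main__":
    # Assumption: Debian keeps the configuration in /etc/chrony/chrony.conf.
    pidfile, findings = audit(sys.argv[1] if len(sys.argv) > 1 else "/etc/chrony/chrony.conf")
    print(pidfile, "->", "; ".join(findings) or "directory writable by root only")
    sys.exit(1 if findings else 0)
```

A non-empty result means the PID file sits in a directory that a non-root account may be able to write to, which is the configuration the backport is meant to protect.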