[chrony-dev] [Git][chrony/chrony][master] 5 commits: client: add support for dropping root privileges


Miroslav Lichvar pushed to branch master at chrony / chrony

Commits:

  • be7f5e89
    by Miroslav Lichvar at 2025-08-07T10:18:31+02:00
    client: add support for dropping root privileges
    
    To minimize the impact of potential attacks targeting chronyc started
    under root (e.g. performed by a local chronyd process running without
    root privileges, a remote chronyd process, or a MITM attacker on the
    network), add support for changing the effective UID/GID in chronyc
    after start.
    
    The user can be specified by the -u option, similarly to chronyd. The
    default chronyc user can be changed by the --with-chronyc-user
    configure option. The default value of the default chronyc user is
    "root", i.e. chronyc doesn't try to change the identity by default.
    
    The default chronyc user does not follow the default chronyd user
    set by the configure --with-user option to avoid errors on systems where
    chronyc is not allowed to change its UID/GID (e.g. by a SELinux policy).
    
  • 9b183fe9
    by Miroslav Lichvar at 2025-08-07T10:18:31+02:00
    sources: add option to limit selection of unreachable sources
    
    Add maxunreach option to NTP sources and refclocks to specify the
    maximum number of polls that the source can stay selected for
    synchronization when it is unreachable (i.e. no valid sample was
    received in the last 8 polls).
    
    It is an additional requirement to having at least one sample more
    recent than the oldest sample of reachable sources.
    
    The default value is 100000. Setting the option to 0 disables selection
    of unreachable sources, which matches RFC 5905.
    
  • abc267a5
    by Miroslav Lichvar at 2025-08-07T10:18:31+02:00
    tls: don't call gnutls_deinit() after failed gnutls_init()
    
    Don't assume gnutls_init() leaves the session pointer at NULL when it
    returns with an error status. It might be a session that was already
    allocated and then freed without resetting it to NULL after an error.
    
    Fixes: 3e32e7e69412 ("tls: move gnutls code into tls_gnutls.c")
    
  • 93a78c73
    by Miroslav Lichvar at 2025-08-07T10:18:31+02:00
    tls: fix server log messages to have client IP address
    
    Add an additional parameter to TLS_CreateInstance() to save the label of
    the connection (server name on the client side and client IP
    address:port on the server side) instead of the server name (which is
    NULL on the server side) to fix the log messages.
    
    Fixes: 3e32e7e69412 ("tls: move gnutls code into tls_gnutls.c")
    
  • b365edb4
    by Miroslav Lichvar at 2025-08-07T10:18:31+02:00
    tls: don't accept NULL ALPN name in TLS_CreateInstance()
    
    The TLS_CreateInstance() function handles a NULL alpn_name, but the
    other session functions would crash if it was NULL. Change the function
    to not handle the NULL for consistency and avoid potential confusion.
    
    Fixes: 3e32e7e69412 ("tls: move gnutls code into tls_gnutls.c")
    

22 changed files:
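
The privilege drop described in commit be7f5e89, as an added example that is not part of the original message and is not chrony's code: a permanent switch from root to an unprivileged user, with each return value checked and the result verified. The names `drop_privileges` and `enum drop_result`, and the choice of `setgroups()`/`setgid()`/`setuid()`, are assumptions made for this sketch.

```c
#define _DEFAULT_SOURCE          /* for setgroups() under strict -std= modes */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK = 0, DROP_NOOP = 1, DROP_ERR = -1 };

/* Hypothetical helper (not chrony's code): permanently switch to uid/gid. */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
    /* Target is root: change nothing, like a default user of "root". */
    if (uid == 0)
        return DROP_NOOP;

    /* 1. Clear supplementary groups while that is still permitted. */
    if (setgroups(0, NULL) != 0)
        return DROP_ERR;
    /* 2. Group before user: after setuid() the GID can no longer be set. */
    if (setgid(gid) != 0)
        return DROP_ERR;
    /* 3. Called as root, setuid() sets the real, effective and saved UID. */
    if (setuid(uid) != 0)
        return DROP_ERR;

    /* 4. Verify: root must be unreachable and the new IDs in effect. */
    if (setuid(0) == 0 || geteuid() != uid || getegid() != gid)
        return DROP_ERR;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";  /* like a -u argument */
    struct passwd *pw = getpwnam(user);

    if (pw == NULL) {
        fprintf(stderr, "unknown user %s\n", user);
        return 1;
    }
    switch (drop_privileges(pw->pw_uid, pw->pw_gid)) {
    case DROP_NOOP: puts("identity unchanged"); break;
    case DROP_OK:   printf("now uid=%d gid=%d\n", (int)geteuid(), (int)getegid()); break;
    default:        fprintf(stderr, "privilege drop failed\n"); return 1;
    }
    return 0;
}
```

A caller should treat `DROP_ERR` as fatal and exit before parsing any network input, since a failed or partial drop leaves the process with more privilege than intended.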


