Re: [chrony-users] ntpdata as normal user |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] ntpdata as normal user
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Mon, 30 Nov 2020 13:23:10 +0100
- Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@xxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1606738997; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=+7FwsTZcAa41qLmT6uz7val/KTzO83P48Ad06A8z4Wk=; b=jSMCqZuVEC/sfRCdXnGB1Bq7GSXM+dRi8C3DXh8kOCEM9mF0gIvFoUFeePISRaJhqTwHqM 0SIVROXQ+Q25D78Yp0kgeYQC+QWjjHsGyNjJgSd3DMsdFM+1WZ+K5gt0Mn1YIJeSCb25zZ yVKvg+OTEkmlezpa+ma2kqYYOc0xL94=
On Mon, Nov 30, 2020 at 12:33:43PM +0100, Kurt Roeckx wrote:
> So it seems that by design, ntpdata can't be used over a localhost
> connection, nor can you give permission to do it.
> I currently can't see a reason why ntpdata can't be accessed,
> while sources and sourcestats can.
It's mostly my paranoia. I wasn't able to convince myself that some of
the information provided by the ntpdata command couldn't be useful in
an attack, like it happened with some ntpq commands.
There is a possibility to make the command accessible only to
localhost (over UDP), but it would be the first command doing that,
complicating the users' required knowledge.
> That is, chronyc seems to want to bind to a unix domain socket
> and put it in /run/chrony/. I don't see a reason to call bind(),
> nor a reason to want to put an other named socket in
> /run/chrony/. It should just call connect().
It's a datagram socket, so it needs to be bound if you want to receive
a response. Switching to stream sockets would require chronyd to
handle the connections and client sockets. I'd prefer keeping the
simple stateless design with datagrams.
> I currently need to change the permission of both /run/chrony and
> /run/chrony/chronyd.sock to be able to access it from a non-root,
> non-_chrony user.
Would it work if /var/run/chrony had permissions 0775 and the user was
in the chrony group?
Maybe chronyc could have an option to specify the location of its
socket and let the user put it in a hidden directory where chronyd is
allowed to write? Too risky?
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.