[ntp:security] [Bug 2960] upgrade to 4.2.8p4 causes FAIL at name resolution; error: ntpd[9881]: giving up resolving host clock.isc.org: Servname not supported for ai_socktype (-8)

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Fri Jan 29 18:26:17 UTC 2016


--- Comment #17 from Juergen Perlinger <perlinger at ntp.org> 2016-01-29 18:26:17 UTC ---
IMHO the only feasible way for a deterministic behavior would be:
 - If running as daemon, daemonise.
 - change root ASAP.
 - do everything else after that.

There's a drawback, of course:
 - all files/directories that are going to be used (including the special
   device files) have to be cloned into the chroot jail.

Any attempt to shorten the list of files to clone is probably doomed: Loading a
library does not necessarily include all lazy initializations, so we might fail
mysteriously later; starting the clock drivers for opening the devices to avoid
cloning the special files is bound to be a PITA because it might already do
things that give trouble after the chroot, etc, etc. 

I'm not sure how well this interacts with a change of the effective user, my
first guess is that moving only(!/?) the chroot() stuff immediately behind the
daemonising stuff but before everything else should work.

AFAIK that would be according to the textbook. Or, at least in accord with

If someone has a better idea (or just can tell me why this would not work as
intended), I'm open for everything. Maybe root-jailing before daemonising might
be better?

Any volunteers yet?

Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the security mailing list