[ntp:security] [Bug 2960] upgrade to 4.2.8p4 causes FAIL at name resolution; error: ntpd[9881]: giving up resolving host clock.isc.org: Servname not supported for ai_socktype (-8)
bugzilla-daemon at ntp.org
Tue Mar 1 18:41:42 UTC 2016
https://bugs.ntp.org/show_bug.cgi?id=2960
--- Comment #29 from Juergen Perlinger <perlinger at ntp.org> 2016-03-01 18:41:42 UTC ---
(In reply to comment #28)
> I can confirm that chroot now happens a lot earlier, but I still can't get name
> lookup to work for a chrooted ntpd (short of copying lots of additional stuff
> into the chroot dir).

That's as far as I could push it, sorry. And yes, my list of files to copy into
the root jail is not simple :(

>
> In comment 22 you implied that ntpd can be told at compile time to outsource
> DNS lookups to a forked process, but I can't find the proper configure switches
> for that. I've tried --disable-thread-support and --without-threads
> (individually and together), but end up with ntpd running as a single process
> in all three cases rather than forking off a separate process for DNS.
>
> So, what is needed to get ntpd to use a forking DNS worker?
>
> BTW, what's the difference between the two thread-switches mentioned above?

That's a tricky question -- that is to say you got me definitely left-footed.
There is still quite some code for the async resolver process, but for finding
out how this is actually activated I know only one person...

... Harlan, do you have any ideas on that topic?

But even then, we have to make sure that the resolver process is forked away
*before* we enter the root jail, or we gain nothing. That makes starting up
NTPD even more interesting.

I'm slowly running out of ideas here :(
--
Configure bugmail: https://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
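
The ordering constraint raised in the reply above (the resolver process has to exist before the root jail is entered), shown as an added example that is not ntpd's code and not from this thread. The names `spawn_resolver`, `resolve_via_worker` and `MSG_LEN`, the jail path `/var/empty` and the use of the numeric service `"123"` are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MSG_LEN 256
/* Worker: stays outside the jail, so resolv.conf and NSS files stay visible. */
static void resolver_loop(int fd) {
    char name[MSG_LEN];
    for (ssize_t n; (n = recv(fd, name, sizeof name - 1, 0)) > 0;) {
        char addr[MSG_LEN] = {0};          /* empty reply = lookup failed */
        struct addrinfo *res = NULL, hints = { .ai_socktype = SOCK_DGRAM };
        name[n] = '\0';
        if (getaddrinfo(name, "123", &hints, &res) == 0 && res) {
            getnameinfo(res->ai_addr, res->ai_addrlen, addr, sizeof addr, NULL, 0, NI_NUMERICHOST);
            freeaddrinfo(res);
        }
        if (send(fd, addr, sizeof addr, MSG_NOSIGNAL) < 0) break;
    }
    _exit(0);                              /* parent closed its end */
}

/* Must run BEFORE chroot(). Returns the parent's channel fd, or -1. */
int spawn_resolver(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); resolver_loop(sv[1]); }
    close(sv[1]);
    return sv[0];
}

/* Safe inside the jail: touches only the inherited descriptor. */
int resolve_via_worker(int fd, const char *host, char *out, size_t len) {
    char addr[MSG_LEN];
    size_t n = strlen(host);
    if (n == 0 || n >= MSG_LEN || send(fd, host, n, MSG_NOSIGNAL) < 0) return -1;
    if (recv(fd, addr, sizeof addr, 0) != (ssize_t)sizeof addr || !addr[0]) return -1;
    return (size_t)snprintf(out, len, "%s", addr) < len ? 0 : -1;
}

int main(void) {   /* order: fork the worker, then jail (placeholder path) */
    char ip[MSG_LEN];
    int fd = spawn_resolver();
    if (fd < 0 || chroot("/var/empty") < 0 || chdir("/") < 0) return 1;
    if (resolve_via_worker(fd, "localhost", ip, sizeof ip) == 0) puts(ip);
    return 0;
}
```

The `chroot()` step in `main` needs root. The worker in this example keeps whatever privileges it was started with.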