| Summary: | net-misc/chrony-2* should not enable USE="phc pps" by default | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Andrew Savchenko <bircoph> |
| Component: | [OLD] Server | Assignee: | Jeroen Roovers (RETIRED) <jer> |
| Status: | RESOLVED WORKSFORME | | |
| Severity: | trivial | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description

Andrew Savchenko
2015-07-05 20:42:28 UTC

What attack surface? I like to stay close to upstream. So their default configure options are our default configure options, except where they would clash with Gentoo specific requirements. I don't think these two options should be disabled just because they increase the install size. As for the attack surface, that would require a malicious RTC or PPS driver in the kernel or having those open to unprivileged user access. chrony's attack surface would in those cases be the least of your concerns.

(In reply to Jeroen Roovers from comment #2)
> As for the attack surface, that would require a malicious RTC or PPS driver

PCH and PPS, that is. PHC...

(In reply to Jeroen Roovers from comment #2)
> I like to stay close to upstream. So their default configure options are our
> default configure options, except where they would clash with Gentoo
> specific requirements.

This is an understandable, but questionable, approach. Upstream is usually targeted at an audience unable/unwilling to rebuild from sources, thus upstream tends to include as much functionality as possible except for questionable stuff.

> As for the attack surface, that would require a malicious RTC or PPS driver
> in the kernel or having those open to unprivileged user access. chrony's
> attack surface would in those cases be the least of your concerns.

Not really, just some bug in auxiliary code may be triggered. Less code => fewer bugs, that's simple and works statistically quite well (of course there are some exceptions, e.g. hardening code).
What attack surface? I like to stay close to upstream. So their default configure options are our default configure options, except where they would clash with Gentoo specific requirements. I don't think these two options should be disabled just because they increase the install size. As for the attack surface, that would require a malicious RTC or PPS driver in the kernel or having those open to unprivileged user access. chrony's attack surface would in those cases be the least of your concerns. (In reply to Jeroen Roovers from comment #2) > As for the attack surface, that would require a malicious RTC or PPS driver PCH and PPS, that is. PHC... (In reply to Jeroen Roovers from comment #2) > I like to stay close to upstream. So their default configure options are our > default configure options, except where they would clash with Gentoo > specific requirements. This is understandable, but questionable approach. Upstream is usually targeted on the audience unable/unwilling to rebuild from sources, thus upstream tends to include as functionality as possible except for questionable stuff. > As for the attack surface, that would require a malicious RTC or PPS driver > in the kernel or having those open to unprivileged user access. chrony's > attack surface would in those cases be the least of your concerns. Not really, just some bug in auxiliary code may be triggered. Less code => less bugs, that's simple and works statistically quite well (of course there are some exceptions, e.g. hardening code). |