| Field | Value |
|---|---|
| Summary | net-misc/chrony uses the same user/group as net-misc/ntp |
| Product | Gentoo Security |
| Component | Default Configs |
| Reporter | Jeroen Roovers (RETIRED) <jer> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED WONTFIX |
| Severity | normal |
| Priority | Normal |
| CC | base-system, sam |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| See Also | https://bugs.gentoo.org/show_bug.cgi?id=711058 https://bugs.gentoo.org/show_bug.cgi?id=740550 |
| Runtime testing required | --- |
| Bug Blocks | 701210 |

Description
Jeroen Roovers (RETIRED)
2020-10-02 09:24:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/api.git/commit/?id=b9acf0308212fcb54098bace048214194d17cded

commit b9acf0308212fcb54098bace048214194d17cded
Author: Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-13 22:12:43 +0000
Commit: Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-13 22:37:55 +0000

uid-gid.txt: add uid/gid (127) chrony

Bug: https://bugs.gentoo.org/746116
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

files/uid-gid.txt | 1 +
1 file changed, 1 insertion(+)

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/data/api.git/commit/?id=0c3d1a9d7e1d873e64599b51ab2e5ffa56162e41

commit 0c3d1a9d7e1d873e64599b51ab2e5ffa56162e41
Author: Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-13 22:47:20 +0000
Commit: Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-13 22:48:34 +0000

uid-gid.txt: drop uid/gid (127) chrony

The ntp user should be still used, so dropping.

Closes: https://bugs.gentoo.org/746116
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

files/uid-gid.txt | 1 -
1 file changed, 1 deletion(-)

Just to add a bit more context (as I should've done in the first place - thanks floppym for rightly pointing this out):

- My view is that it would be wasteful to use a new UID+GID allocation for chrony;
- It's unlikely that anybody is running both chrony and another ntpd and given e.g. seccomp filtering, I'm unconvinced of any real security impact here;
- To the best of my recollection (and seemingly from what a glance at git says), openntpd didn't actually have its own user at the time of my change (we just had acct-*/ntp).

If somebody strongly feels that there's value in having its own user, we can - as ever - discuss it.