[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#27050 (fdutils): A cause for security concern?

Wichert writes:
> Have you tried running it [chronyd] as another user?

No, but it doesn't seem too likely that a program that adjusts the system
clock would work too well running as 'nobody'.  It can also be an ntp
server, though that is turned off in the default configuration.

I looked around in the code a bit more and found a few dubious looking
sprintf's.  What else should I look for?  I already checked for 'system'
and 'execve'.
John Hasler
john@dhh.gt.org (John Hasler)
Dancing Horse Hill
Elmwood, WI

Reply to: