Wind River Support Network

HomeDefectsLIN5-3901
Fixed

LIN5-3901 : ntpd running as root and other issues

Created: May 7, 2013    Updated: Dec 19, 2017
Resolved Date: May 30, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.4
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Networking

Description

The ntp daemon should run as a non-root user for security reasons.

Prior to WRL5 this was the case, but no longer.

Also, the ntpd binary seems to be installed in /usr/bin but as a daemon it should be in /usr/sbin

The package should also use crypto support when the relevant packages are available, as in a standard CGL rootfs configuration.

Workaround

Manually add the ntp user and group.
Edit the etc/init.d/ntpd script to add the -u ntp:ntp option.

Steps to Reproduce

$ configure --enable-board=qemux86 --enable-rootfs=glibc_std --enable-kernel=standard
$ make -C build ntp.addpkg

Or use a glibc_cgl rootfs as this includes ntp by default.

$ make fs
$ make start-target

Log in as root and then:

root@qemu0:~# ps ax | grep ntpd
 1314 ?        Ss     0:00 /usr/bin/ntpd -p /var/run/ntp.pid -g
 1323 ?        S      0:00 /usr/bin/ntpd -p /var/run/ntp.pid -g
 1465 ttyS0    S+     0:00 grep ntpd
root@qemu0:~# grep ntp /etc/passwd /etc/group
root@qemu0:~#

The -u option should be used to specify the user:group to use. Normally there is a user and a group called ntp in the passwd and group files, but they are also missing so need to be added.

Notice also that the binary is in the wrong location:

root@qemu0:~# which ntpd
/usr/bin/ntpd

This should be /usr/sbin

Crypto support also seems to be missing.

Other Downloads


Live chat
Online