ntpd abort if fail to drop root

2024-01-23 01:11:00 +00:00 · 2024-01-23 01:11:00 +00:00 · 9b7f1fb05e
commit 9b7f1fb05e
parent cc98bbb71d
2 changed files with 170 additions and 1 deletions
--- a/backport-ntpd-abort-if-fail-to-drop-root.patch
+++ b/backport-ntpd-abort-if-fail-to-drop-root.patch
@ -0,0 +1,162 @@
 Conflict:NA
 Reference:https://bugs.ntp.org/attachment.cgi?id=1880
 diff -Nru a/ntpd/ntpd.c b/ntpd/ntpd.c
 --- a/ntpd/ntpd.c	2024-01-22 05:23:37 +0000
 +++ b/ntpd/ntpd.c	2024-01-22 05:23:37 +0000
@@ -204,10 +204,6 @@
 int mdnstries = 5;
 #endif  /* HAVE_DNSREGISTRATION */
 -#ifdef HAVE_LINUX_CAPABILITIES
 -int have_caps;		/* runtime check whether capabilities work */
 -#endif /* HAVE_LINUX_CAPABILITIES */
 -
 #ifdef HAVE_DROPROOT
 int droproot;
 int root_dropped;
@@ -813,8 +809,8 @@
 #ifndef SIM
 int
 ntpdmain(
 -	int argc,
 -	char *argv[]
 +	int	argc,
 +	char *	argv[]
 	)
 {
 	l_fp		now;
@@ -837,7 +833,7 @@
 # ifdef NEED_PTHREAD_WARMUP
 	my_pthread_warmup();
 # endif
 -	
 +
 # ifdef HAVE_UMASK
 	uv = umask(0);
 	if (uv)
@@ -861,9 +857,9 @@
 # ifdef DEBUG
 	    || debug
 # endif
 -	    || HAVE_OPT(SAVECONFIGQUIT))
 +	    || HAVE_OPT(SAVECONFIGQUIT)) {
 		nofork = TRUE;
 -
 +	}
 	init_logging(progname, NLOG_SYNCMASK, TRUE);
 	/* honor -l/--logfile option to log to a file */
 	if (HAVE_OPT(LOGFILE)) {
@@ -931,32 +927,33 @@
 	}
 # endif
 -/*
 - * Enable the Multi-Media Timer for Windows?
 - */
 +	/*
 +	 * Enable the Multi-Media Timer for Windows?
 +	 */
 # ifdef SYS_WINNT
 -	if (HAVE_OPT( MODIFYMMTIMER ))
 +	if (HAVE_OPT(MODIFYMMTIMER)) {
 		set_mm_timer(MM_TIMER_HIRES);
 +	}
 # endif
 #ifdef HAVE_DNSREGISTRATION
 -/*
 - * Enable mDNS registrations?
 - */
 +	/*
 +	 * Enable mDNS registrations?
 +	 */
 	if (HAVE_OPT( MDNS )) {
 		mdnsreg = TRUE;
 	}
 #endif  /* HAVE_DNSREGISTRATION */
 -	if (HAVE_OPT( NOVIRTUALIPS ))
 +	if (HAVE_OPT(NOVIRTUALIPS)) {
 		listen_to_virtual_ips = 0;
 -
 +	}
 	/*
 	 * --interface, listen on specified interfaces
 	 */
 	if (HAVE_OPT( INTERFACE )) {
 		int		ifacect = STACKCT_OPT( INTERFACE );
 -		const char**	ifaces  = STACKLST_OPT( INTERFACE );
 +		const char **	ifaces = STACKLST_OPT( INTERFACE );
 		sockaddr_u	addr;
 		while (ifacect-- > 0) {
@@ -969,9 +966,9 @@
 		}
 	}
 -	if (HAVE_OPT( NICE ))
 +	if (HAVE_OPT(NICE)) {
 		priority_done = 0;
 -
 +	}
 # ifdef HAVE_SCHED_SETSCHEDULER
 	if (HAVE_OPT( PRIORITY )) {
 		config_priority = OPT_VALUE_PRIORITY;
@@ -1036,7 +1033,7 @@
 	 * on the base CPU than the other CPUs (for multiprocessor systems),
 	 * so we must lock to the base CPU.
 	 */
 -	fd = open("/dev/at1", O_RDONLY);		
 +	fd = open("/dev/at1", O_RDONLY);
 	if (fd >= 0) {
 		zero = 0;
 		if (ioctl(fd, ACPU_LOCK, &zero) < 0)
@@ -1144,7 +1141,7 @@
 #  ifdef RLIMIT_MEMLOCK
 		    && -1 != DFLT_RLIMIT_MEMLOCK
 #  endif
 -		    && 0 != mlockall(MCL_CURRENT|MCL_FUTURE))
 +		    && 0 != mlockall(MCL_CURRENT | MCL_FUTURE))
 			msyslog(LOG_ERR, "mlockall(): %m");
 # else	/* !HAVE_MLOCKALL follows */
 #  ifdef HAVE_PLOCK
@@ -1174,28 +1171,30 @@
 	initializing = FALSE;
 # ifdef HAVE_LINUX_CAPABILITIES
 -	{
 +	if (droproot) {
 +		int	have_caps;
 +		cap_t	caps;
 +
 		/*  Check that setting capabilities actually works; we might be
 		 *  run on a kernel with disabled capabilities. We must not
 		 *  drop privileges in this case.
 		 */
 -		cap_t caps;
 		caps = cap_from_text("cap_sys_time,cap_setuid,cap_setgid,cap_sys_chroot,cap_net_bind_service=pe");
 -		if ( ! caps) {
 -			msyslog( LOG_ERR, "cap_from_text() failed: %m" );
 +		if (!caps) {
 +			msyslog(LOG_ERR, "cap_from_text() failed: %m");
 			exit(-1);
 		}
 		have_caps = (cap_set_proc(caps) == 0);
 		cap_free(caps);	/* caps not NULL here! */
 +		if (!have_caps) {
 +			msyslog(LOG_ERR, ("Fatal: unable to drop root privs: %m"));
 +			exit(-1);
 +		}
 	}
 # endif /* HAVE_LINUX_CAPABILITIES */
 # ifdef HAVE_DROPROOT
 -#  ifdef HAVE_LINUX_CAPABILITIES
 -	if (droproot && have_caps) {
 -#  else
 	if (droproot) {
 -#  endif /*HAVE_LINUX_CAPABILITIES*/
 #  ifdef NEED_EARLY_FORK
 		fork_nonchroot_worker();
--- a/ntp.spec
+++ b/ntp.spec
@ -2,7 +2,7 @@
 Name:                  ntp
 Version:               4.2.8p17
-Release:               2
+Release:               3
 Summary:               A protocol designed to synchronize the clocks of computers over a network
 License:               MIT and BSD and BSD with advertising
 URL:                   https://www.ntp.org/
@ -25,6 +25,7 @@ Patch2:                bugfix-fix-bind-port-in-debug-mode.patch
 Patch3:                bugfix-fix-ifindex-length.patch
 Patch4:                fix-MD5-manpage.patch
 Patch5:                backport-add-NULL-pointer-check-when-ntpd-deletes-the-last-interface.patch
 Patch6:                backport-ntpd-abort-if-fail-to-drop-root.patch
 BuildRequires:	       libcap-devel openssl-devel libedit-devel libevent-devel pps-tools-devel
 BuildRequires:         autogen autogen-libopts-devel systemd gcc perl-generators perl-HTML-Parser
@ -207,6 +208,12 @@ make check
 %{_mandir}/man8/*.8*
 %changelog
 * Tue Jan 23 2024 chengyechun <chengyehcun1@huawei.com> - 4.2.8p17-3
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:linux-only change to abort if ntpd can not drop root
 * Mon Dec 11 2023 chengyechun <chengyechun1@huawei.com> - 4.2.8p17-2
 - Type:bugfix
 - ID:NA