1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-12 09:58:36 +00:00
freebsd/usr.sbin
Ian Lepore 3496c981ac Make it possible to run ntpd as a non-root user, add ntpd uid and gid.
Code analysis and runtime analysis using truss(8) indicate that the only
privileged operations performed by ntpd are adjusting system time, and
(re-)binding to privileged UDP port 123. These changes add a new mac(4)
policy module, mac_ntpd(4), which grants just those privileges to any
process running with uid 123.

This also adds a new user and group, ntpd:ntpd, (uid:gid 123:123), and makes
them the owner of the /var/db/ntp directory, so that it can be used as a
location where the non-privileged daemon can write files such as the
driftfile, and any optional logfile or stats files.

Because there are so many ways to configure ntpd, the question of how to
configure it to run without root privs can be a bit complex, so that will be
addressed in a separate commit. These changes are just what's required to
grant the limited subset of privs to ntpd, and the small change to ntpd to
prevent it from exiting with an error if running as non-root.

Differential Revision:	https://reviews.freebsd.org/D16281
2018-07-19 23:55:29 +00:00
..
ac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
accton General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
acpi acpidump(8): Add ACPI LPIT (Low Power Idle Table) 2018-07-11 01:37:01 +00:00
adduser various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
amd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ancontrol spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
apm DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
apmd various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
arp Remove infrastructure for token-ring networks. 2018-03-28 23:33:26 +00:00
audit DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
auditd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
auditdistd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
auditreduce DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
authpf DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
autofs Add SPDX tags for automount(8) et al. 2018-01-24 16:39:02 +00:00
bhyve Improve bhyve exit(3) error code. 2018-07-11 03:23:09 +00:00
bhyvectl style(9) remove unnecessary blank tabs. 2018-06-13 03:35:24 +00:00
bhyveload style(9) remove unnecessary blank tabs. 2018-06-13 03:35:24 +00:00
binmiscctl Don't leak resources on duplicate -m or -M arguments. Last one wins. 2017-12-28 05:32:59 +00:00
blacklistctl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
blacklistd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
bluetooth bthidd(8): Add evdev protocol support for bluetooth keyboards and mouses 2018-04-30 12:16:54 +00:00
boot0cfg various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
bootparamd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
bsdconfig bsdconfig: Fix a bug when editing users 2018-06-17 22:09:43 +00:00
bsdinstall Add partition scheme for mpc85xx devices 2018-06-07 00:24:10 +00:00
bsnmpd Update bsnmp to version 1.13. This does not bring user-visible changes. 2018-07-03 08:44:40 +00:00
btxld Explicitly ignore return value from remove. We wouldn't do anything 2017-12-28 05:33:19 +00:00
camdd Use calloc() instead of malloc+bzero. 2018-04-24 04:07:51 +00:00
cdcontrol DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
chkgrp various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
chown General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
chroot General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
ckdist various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
clear_locks various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
config config(8): Invert checks; envmode/hintmode reflect "env provided"1 2018-07-17 15:16:34 +00:00
cpucontrol Use the existing MSR_BIOS_SIGN on AMD. 2018-07-13 20:56:20 +00:00
crashinfo General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
cron Remove old, dead compat code. 2018-06-10 02:30:09 +00:00
crunch various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ctladm Rework CTL frontend & backend options to use nv(3), allow creating multiple 2018-05-10 03:50:20 +00:00
ctld Rework CTL frontend & backend options to use nv(3), allow creating multiple 2018-05-10 03:50:20 +00:00
ctm SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
cxgbetool cxgbetool(8): Reject invalid VLAN values. 2018-06-26 21:56:06 +00:00
daemon Fix cut-and-pasted line to have the right option letter. 2018-04-16 03:35:43 +00:00
dconschat spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
devctl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
devinfo devinfo_init() returns an errno, but doesn't set errno, so the error 2018-05-30 15:08:59 +00:00
diskinfo Sanity check media size and sector counts to ensure that we don't 2018-01-06 12:34:03 +00:00
dumpcis Fix typo & build 2018-01-05 08:29:32 +00:00
editmap DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
edquota General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
eeprom various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
efibootmgr Remove ignored command line options 2018-05-08 20:02:44 +00:00
efidp Set dp to NULL when we free it, and tree a NULL dp as an error 2018-01-05 07:09:24 +00:00
efivar Iniailize str so ucs2_to_utf8 won't free stack garbage. 2017-12-12 19:26:28 +00:00
etcupdate various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
extattr various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
extattrctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fdcontrol Tag 'a' case as one we're intentionally falling through to 2018-01-05 07:28:48 +00:00
fdformat fdformat is a sysadmin command and thus its man page should be in 2017-12-05 05:02:46 +00:00
fdread various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fdwrite SPDX: use the Beerware identifier. 2017-11-30 20:33:45 +00:00
fifolog various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
flowctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fmtree DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
freebsd-update various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
fstyp Use capsicum helpers in fstype and ctld. 2018-07-15 17:21:19 +00:00
ftp-proxy DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
fwcontrol Don't close fd twice. This line should have been deleted in r327279. 2018-01-05 05:34:20 +00:00
getfmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
getpmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
gpioctl gpioctl.8: Fix man page section 2018-06-06 18:52:33 +00:00
gssd various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
gstat various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
hyperv DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
i2c various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ifmcstat bits is never null when we call ot. Add an assert to that effect and 2018-01-05 07:28:58 +00:00
inetd various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
iostat Make iostat -xC print CPU information on its own line 2018-04-18 02:25:03 +00:00
iovctl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ip6addrctl General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
ipfwpcap Buildfix for GCC after r334277. 2018-05-28 09:41:44 +00:00
iscsid Add missing SPDX identifier in iscsid(8). 2018-01-24 16:34:37 +00:00
jail Make it easier for filesystems to count themselves as jail-enabled, 2018-05-04 20:54:27 +00:00
jexec various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
jls various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kbdcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kbdmap various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
keyserv DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
kgmon Free zbuf when kflag is true too. 2017-12-28 05:34:04 +00:00
kgzip various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
kldxref Use EF_SEG_READ_STRING instead of EF_SEG_READ when reading strings. 2018-07-15 05:29:39 +00:00
lastlogin various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
lpr Fix the resource leak of a 'FILE *' which could happen in routine 2018-03-12 01:41:16 +00:00
lptcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mailstats DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
mailwrapper Revert r326844 2018-01-02 16:50:57 +00:00
makefs makefs: ANSIfy 2018-05-16 02:58:05 +00:00
makemap DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
manctl spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
memcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mergemaster Update several more URLs 2017-10-29 08:17:03 +00:00
mfiutil various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mixer DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
mld6query Fix mld6query(8) and add a new -g option 2018-05-11 19:37:18 +00:00
mlx5tool Check that the address is specified in mlx5tool(8). 2018-03-08 15:28:13 +00:00
mlxcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mount_smbfs DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
mountd mountd: fix a crash when getgrouplist reports too many groups 2018-04-16 09:17:36 +00:00
moused various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mpsutil mpsutil: correct style 2018-05-23 09:46:21 +00:00
mptable various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
mptutil Delete copypasta 2018-02-23 17:20:53 +00:00
mtest mtest: build with WARNS=3 2018-05-19 20:57:22 +00:00
nandsim various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
nandtool nandtool: Add missing mode for open() with O_CREAT 2017-12-26 16:20:38 +00:00
ndiscvt Don't leak outfile. Free it before we return from bincvt. 2017-12-28 05:34:14 +00:00
ndp General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
newsyslog newsyslog.8: Remove cutesy nonsense 2018-07-19 16:03:20 +00:00
nfscbd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nfsd Update the pnfs(4) man page. 2018-07-10 22:53:07 +00:00
nfsdumpstate DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nfsrevoke DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nfsuserd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ngctl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nghook DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nmtree DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nologin DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
nscd DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
ntp Make it possible to run ntpd as a non-root user, add ntpd uid and gid. 2018-07-19 23:55:29 +00:00
nvram
ofwdump DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
pc-sysinstall share and pc-sysinstall: adoption of SPDX licensing ID tags. 2017-11-27 15:28:26 +00:00
pciconf Remove dead code (comma is either 0 or 1 for sure, no need to test). 2018-01-05 07:29:02 +00:00
periodic periodic: fix exit status for nonexistent arguments 2017-11-20 23:51:51 +00:00
pkg pkg: accept -y and --yes from arguments 2018-04-13 18:25:00 +00:00
pmc pmc: remove trailing whitespace 2018-06-13 09:17:04 +00:00
pmcannotate Teach pmcannotate about $TMPDIR and _PATH_TMP 2018-05-18 14:14:04 +00:00
pmccontrol pmc: convert native to jsonl and track TSC value of samples 2018-06-07 02:03:22 +00:00
pmcstat pmc: convert native to jsonl and track TSC value of samples 2018-06-07 02:03:22 +00:00
pmcstudy DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
pnfsdscopymr Use the .Fx macro in the man page. 2018-06-15 21:07:14 +00:00
pnfsdsfile Document the new "-m" command line option for pnfsdsfile(8). 2018-07-01 17:51:52 +00:00
pnfsdskill Document the "-f" option added to pnfsdskill(8) by r336176. 2018-07-10 18:44:44 +00:00
pnpinfo DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
portsnap Add basic examples to portsnap(8). 2018-07-01 16:18:38 +00:00
powerd powerd: correct ifdef check for ppc 2018-06-27 01:28:09 +00:00
ppp ppp(8): fix code producing debugging logs 2018-02-10 17:09:51 +00:00
pppctl pppctl88) Avoid strcpy() copies on overlapping string. 2018-01-29 14:23:44 +00:00
praliases DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
praudit praudit(1): add tests 2018-06-17 17:31:16 +00:00
prometheus_sysctl_exporter DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
pstat General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
pw Allow the "@" and "!" characters in passwd file GECOS fields. 2018-03-01 17:47:28 +00:00
pwd_mkdb pwd_mkdb: retire legacy v3 db support (-l option) 2018-05-01 00:53:46 +00:00
quot Revert r313780 (UFS_ prefix) 2018-03-17 12:59:55 +00:00
quotaon General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rarpd SPDX: mostly fixes to previous changes. 2017-12-13 16:13:17 +00:00
repquota General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rip6query General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rmt Fix missing files in METALOG with -DNO_ROOT 2018-06-29 21:15:17 +00:00
route6d Reduce <sys/queue.h> pollution. 2018-05-11 00:01:43 +00:00
rpc.lockd userland: Fix several typos and minor errors 2017-12-27 03:23:01 +00:00
rpc.statd spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
rpc.umntall various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
rpc.yppasswdd spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
rpc.ypupdated spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
rpc.ypxfrd spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
rpcbind Plug a possible memory leak. 2018-03-19 05:49:26 +00:00
rrenumd General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rtadvctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
rtadvd Reduce <sys/queue.h> pollution. 2018-05-11 00:01:43 +00:00
rtprio various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
rtsold General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
rwhod Convert cap_enter() < 0 && errno != ENOSYS to caph_enter() < 0. 2018-06-19 23:43:14 +00:00
sa various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
sendmail DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
service Use "$@" instead of $* to cope with parameters that have spaces in 2018-06-13 06:11:04 +00:00
services_mkdb various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
sesutil DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
setfib General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
setfmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
setpmac various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
smbmsg various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
snapinfo various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
spi Add an example for displaying the manufacturer and size info from a 2018-06-23 23:08:25 +00:00
spkrtest various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
spray spray: fix the spelling in an output string 2018-03-05 16:13:29 +00:00
syslogd Allow the use of slashes in process names of RFC 3164 formatted messages. 2018-07-07 11:53:39 +00:00
sysrc sysrc(8): Send error message to stderr (not stdout) 2018-07-16 18:53:17 +00:00
tcpdchk DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tcpdmatch DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tcpdrop Use uintptr_t alone when assigning to kvaddr_t variables. 2018-07-10 13:03:06 +00:00
tcpdump DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
tests
timed timed: slave is an infinite loop, mark it as such 2018-01-13 20:35:32 +00:00
traceroute various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
traceroute6 Fix in the documentation that the default hop limit is not 30, but 2018-05-02 19:36:46 +00:00
trpt trpt(8): Clean up build hack to detect ancient compiler 2018-02-16 20:46:44 +00:00
tzsetup DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
uathload various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
uefisign Use capsicum helpers in fstype and ctld. 2018-07-15 17:21:19 +00:00
ugidfw various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
uhsoctl various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
unbound If the sole non-option command line argument is "none", remove any 2018-05-12 18:07:53 +00:00
usbconfig Clean up the EXAMPLES section of usbconfig(8). This removes parts that 2018-04-29 10:45:09 +00:00
usbdump various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
utx various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
vidcontrol various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
vigr
vipw General further adoption of SPDX licensing ID tags. 2017-11-20 19:49:47 +00:00
wake various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
watch Revert r327005 - SPDX tags for license similar to BSD-2-Clause. 2017-12-20 20:25:28 +00:00
watchdogd various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
wlandebug libifconfig: multiple feature additions 2018-02-23 03:11:43 +00:00
wpa MFV r324714: 2018-07-11 18:53:18 +00:00
yp_mkdb spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
ypbind various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
ypldap DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
yppoll various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
yppush spdx: initial adoption of licensing ID tags. 2017-11-18 14:26:50 +00:00
ypserv su_data: correct macro expansion. 2018-02-08 14:53:34 +00:00
ypset various: general adoption of SPDX licensing ID tags. 2017-11-27 15:37:16 +00:00
zic DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
zonectl DIRDEPS_BUILD: Update dependencies. 2017-10-31 00:07:04 +00:00
zzz
Makefile Add spi(8), a utility for communicating with a device on a SPI bus from 2018-06-22 01:59:19 +00:00
Makefile.amd64 Remove obsolete asf(8) 2018-06-15 17:44:21 +00:00
Makefile.arm
Makefile.arm64
Makefile.i386 Remove obsolete asf(8) 2018-06-15 17:44:21 +00:00
Makefile.inc
Makefile.mips
Makefile.powerpc
Makefile.sparc64