[OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time

Bastian Bittorf bittorf at bluebottle.com
Wed Sep 23 02:13:46 EDT 2015

* Yousong Zhou <yszhou4tech at gmail.com> [23.09.2015 07:58]:
> In theory, a security sensitive mechanism's dependence on a
> non-reliable timestamp file with access permission nobody:nogroup
> makes little sense to me.  How about that we do --dnssec-no-timecheck
> on dnsmasq startup time and notify it of the system time change from
> ntpd hotplug script?

this sounds good to me, but will be another patch.

should we drop this patch completely or does it still
make sense to deny reading '/etc/dnsmasq.time'?

and: of which hotplug script you are talking about?
find /etc/hotplug.d -name '*ntp*'
= empty

> Another idea would be to delegate timestamp update task to a specific
> service program like ntpd or procd and later on system startup we set
> system time from the specific file.

unsure if this is overkill, just for 1 service.

thanks for feedback - bye, bastian
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list