[OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
Bastian Bittorf
bittorf at bluebottle.com
Wed Sep 23 02:13:46 EDT 2015
* Yousong Zhou <yszhou4tech at gmail.com> [23.09.2015 07:58]:
> In theory, a security sensitive mechanism's dependence on a
> non-reliable timestamp file with access permission nobody:nogroup
> makes little sense to me. How about that we do --dnssec-no-timecheck
> on dnsmasq startup time and notify it of the system time change from
> ntpd hotplug script?
this sounds good to me, but will be another patch.
should we drop this patch completely or does it still
make sense to deny reading '/etc/dnsmasq.time'?
and: of which hotplug script you are talking about?
find /etc/hotplug.d -name '*ntp*'
= empty
> Another idea would be to delegate timestamp update task to a specific
> service program like ntpd or procd and later on system startup we set
> system time from the specific file.
unsure if this is overkill, just for 1 service.
thanks for feedback - bye, bastian
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list