[OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude dnsmasq.time
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Wed Sep 23 05:05:17 EDT 2015
On 23/09/15 07:13, Bastian Bittorf wrote:
> * Yousong Zhou <yszhou4tech at gmail.com> [23.09.2015 07:58]:
>> In theory, a security sensitive mechanism's dependence on a
>> non-reliable timestamp file with access permission nobody:nogroup
>> makes little sense to me. How about that we do --dnssec-no-timecheck
>> on dnsmasq startup time and notify it of the system time change from
>> ntpd hotplug script?
> this sounds good to me, but will be another patch.
>
> should we drop this patch completely or does it still
> make sense to deny reading '/etc/dnsmasq.time'?
In my humble opinion the startup efficiency improvements alone are worth
having and in the short term at least, dnsmasq should not be being fed
with its own timestamp.
There will be another email in reply to the other issues.
Cheers,
Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150923/83a41f1b/attachment.p7s>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list