#1 2021-06-16 11:31:58

mvasi90
Member
Registered: 2017-02-02
Posts: 41

NTPD -u ntp:ntp makes requests as root

Good afternoon,

All my systems have 3 default firewall policies:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP

This is a whitelist mode.

I tried this rule:

# iptables -A OUTPUT --match udp --protocol udp --dport 123 --match owner --gid-owner ntp -j ACCEPT

And I saw that the ntpd service was not working (no internet connection).

Then, I added this iptables rule:

# iptables -A OUTPUT -j LOG --uid-log

And this is the result:

kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=82.223.128.121 LEN=76 TOS=0x18 PREC=0xA0 TTL=64 ID=31789 DF PROTO=UDP SPT=123 DPT=123 LEN=56 UID=0 GID=0

As you can see, the flag -u ntp:ntp of the systemd service is not working: UID=0 GID=0.

The ntpd daemon should not make requests as root. This is a serious security breach.

The systemd service file can contain the User and Group directives, but that is not the case because the ntpd daemon already does this.

Should I report a bug in Arch Linux?
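
Added example, not part of the original post: a small parser for `LOG --uid-log` kernel lines like the one quoted above, which groups outbound NTP packets by the socket owner the kernel recorded. The expected UID/GID of 87 is a hypothetical value for the ntp account, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# First line is the log entry quoted in the post; the other three are constructed.
SAMPLE_LOG = """\
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=82.223.128.121 LEN=76 TOS=0x18 PREC=0xA0 TTL=64 ID=31789 DF PROTO=UDP SPT=123 DPT=123 LEN=56 UID=0 GID=0
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=4021 DF PROTO=UDP SPT=40112 DPT=123 LEN=56 UID=87 GID=87
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=911 DF PROTO=UDP SPT=51000 DPT=53 LEN=40 UID=0 GID=0
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=4022 DF PROTO=UDP SPT=123 DPT=123 LEN=56
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=VALUE tokens; bare flags like DF are skipped


def parse_line(line):
    """Return the KEY=VALUE fields of one LOG line (a repeated key such as LEN keeps its last value)."""
    return dict(FIELD.findall(line))


def ntp_owner_report(log_text, expected_uid, expected_gid, port=123):
    """Classify outbound UDP packets to `port` by the socket owner the kernel logged."""
    report = Counter()
    mismatches = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("PROTO") != "UDP" or f.get("DPT") != str(port):
            continue  # not NTP traffic
        if "UID" not in f or "GID" not in f:
            report["no_owner_logged"] += 1  # packet had no owning socket to report
            continue
        owner = (int(f["UID"]), int(f["GID"]))
        if owner == (expected_uid, expected_gid):
            report["expected_owner"] += 1
        else:
            report["unexpected_owner"] += 1
            mismatches.append({"dst": f.get("DST"), "spt": f.get("SPT"),
                               "uid": owner[0], "gid": owner[1]})
    return dict(report), mismatches


if __name__ == "__main__":
    summary, bad = ntp_owner_report(SAMPLE_LOG, expected_uid=87, expected_gid=87)
    print(summary)
    for m in bad:
        print("unexpected socket owner:", m)
```

The UID= and GID= values that LOG prints are read from the credentials stored on the socket's file when the socket was opened, so compare them with the credentials of the running ntpd process (for example from `ps -o user,group,pid,cmd -C ntpd`) when interpreting a mismatch.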
