Good afternoon,
All my systems have 3 default firewall policies:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
This is a whitelist mode.
I tried this rule:
# iptables -A OUTPUT --match udp --protocol udp --dport 123 --match owner --gid-owner ntp -j ACCEPT
And I saw that the ntpd service was not working (no internet connection).
Then, I added this iptables rule:
# iptables -A OUTPUT -j LOG --log-uid
And this is the result:
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=82.223.128.121 LEN=76 TOS=0x18 PREC=0xA0 TTL=64 ID=31789 DF PROTO=UDP SPT=123 DPT=123 LEN=56 UID=0 GID=0
As you can see, the -u ntp:ntp flag in the systemd service is not working: UID=0 GID=0.
The ntpd daemon should not make requests as root. This is a serious security breach.
The systemd service file could contain the User and Group directives, but that is not the case because the ntpd daemon already does this.
Should I report a bug in Archlinux?
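As an added example (not code from the poster or from Arch), here is a small Python parser for kernel log lines produced by the iptables LOG target with --log-uid, together with a check that flags outbound UDP/123 packets whose socket is not owned by the ntp group. The sample log text is constructed (its first line is the one quoted in the post); the ntp gid of 87 is an assumption about the system under test and should be replaced with the real value from /etc/group.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the first line is the one quoted in the post, the
# other two are made up for illustration. Format: iptables LOG target with
# --log-uid, as it appears in the kernel log.
SAMPLE_LOG = """\
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=82.223.128.121 LEN=76 TOS=0x18 PREC=0xA0 TTL=64 ID=31789 DF PROTO=UDP SPT=123 DPT=123 LEN=56 UID=0 GID=0
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=192.0.2.10 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=31790 DF PROTO=UDP SPT=123 DPT=123 LEN=56 UID=87 GID=87
kernel: IN= OUT=wlp3s1 SRC=192.168.1.5 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31791 DF PROTO=UDP SPT=41222 DPT=53 LEN=40 UID=1000 GID=1000
"""

# Assumption: gid of the ntp user on the system under test (check /etc/group).
NTP_GID = 87


@dataclass
class Packet:
    out_iface: str
    src: str
    dst: str
    proto: str
    sport: Optional[int]
    dport: Optional[int]
    uid: Optional[int]  # None when the LOG rule was not given --log-uid
    gid: Optional[int]
    flags: frozenset = field(default_factory=frozenset)


def _first(fields: dict, key: str) -> Optional[str]:
    values = fields.get(key)
    return values[0] if values else None


def _first_int(fields: dict, key: str) -> Optional[int]:
    value = _first(fields, key)
    return int(value) if value else None


def parse_log_line(line: str) -> Packet:
    """Parse one LOG-target line into a Packet.

    Tokens are KEY=VALUE pairs; bare tokens such as DF are flags. LEN appears
    twice (IP total length, then UDP length), so values are kept in lists and
    the first occurrence wins for the scalar fields below.
    """
    body = line.split("kernel:", 1)[-1]
    fields: dict = {}
    flags: set = set()
    for token in body.split():
        key, sep, value = token.partition("=")
        if sep:
            fields.setdefault(key, []).append(value)
        else:
            flags.add(token)
    return Packet(
        out_iface=_first(fields, "OUT") or "",
        src=_first(fields, "SRC") or "",
        dst=_first(fields, "DST") or "",
        proto=_first(fields, "PROTO") or "",
        sport=_first_int(fields, "SPT"),
        dport=_first_int(fields, "DPT"),
        uid=_first_int(fields, "UID"),
        gid=_first_int(fields, "GID"),
        flags=frozenset(flags),
    )


def audit_ntp_sockets(log_text: str, ntp_gid: int = NTP_GID) -> list:
    """Return outbound UDP/123 packets whose socket owner is not the ntp group.

    Caveat: both the owner match and --log-uid report the credentials of the
    process that created the socket (the socket file's f_cred), not the
    credentials the sender holds when the packet leaves. A daemon that opens
    its sockets before dropping privileges is therefore reported as
    UID=0 GID=0 even after it has switched to an unprivileged user.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        pkt = parse_log_line(line)
        if pkt.proto == "UDP" and pkt.dport == 123 and pkt.gid != ntp_gid:
            hits.append(pkt)
    return hits


if __name__ == "__main__":
    for pkt in audit_ntp_sockets(SAMPLE_LOG):
        print(f"UDP/123 to {pkt.dst} via {pkt.out_iface} "
              f"owned by uid={pkt.uid} gid={pkt.gid}")
```

Run it over `journalctl -k` output to list every NTP packet the owner-based whitelist would reject. Because the match keys on the credentials the socket was created with, a UID=0 entry tells you the socket was opened as root, not necessarily that the daemon is still running as root; comparing with `ps -o user,group -C ntpd` separates the two cases.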