ntpd(8) is an example of a bloated daemon that runs with superuser privileges, making it problematic in a secure environment. Especially when you consider that accurate network time is a necessity for using the kerberos(8) authentication system. The clockctl(4) subsystem allows NTPD to run as a nonprivileged account, thus reducing the impact of an NTPD exploit.

OpenBSD uses a different approach—they rewrote a less bloated version of NTPD called OpenNTPD which uses privilege separation.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook

Post a comment