[SunHELP] Patch for OpenNTPd on Solaris 10 (preliminary)

[Todd Carson]

Hello.

I've been working on patching the new OpenNTPd daemon from the OpenBSD
project to take advantage of Solaris 10's process privileges. I have a
preliminary patch that seems to work for me and that I'd appreciate
testing and feedback for.

With this patch, OpenNTPd will use Solaris privileges to set its uid,
chroot, and bind to port 123, then drop them when no longer needed. The
privileged parent no longer runs as root and is left with only the
sys_time privilege which it will toggle on and off when necessary. The
unprivileged child runs as a different non-root user, and has no extra
privileges once it is up and running.

The latest portable OpenNTPd distribution can be found at:
http://www.openntpd.org/dist/portable/
And my patch can be found at:
http://www.pitt.edu/~toc1/openntpd-solaris.diff.gz

You'll need a new _ntpu user and group besides the existing _ntp ones,
so that the privsep parent and child can both run as non-root but still
be different users.

When building OpenNTPd, with or without my patch, on Solaris 10 b63, it
seems that you can't use the Sun-supplied copy of OpenSSL. It uses Sun's
cryptographic framework, which will break in a chroot jail unless many
configuration files, libraries, and devices are copied in and the jail
is made writeable. It will be necessary to use another OpenSSL binary,
or build your own. Make sure it doesn't set O_NOFOLLOW when it tries to
open /dev/urandom, since that is a symbolic link on Solaris and
OpenSSL's PRNG can't be seeded if it can't open that device.

Please note that this is the first time I've ever tried to write a patch
for an open source program with the intent of releasing it, so I would
greatly appreciate any feedback on the code or anything I should be
doing differently.

 -- Todd Carson
tc at telerama.com