ntpd segfaults on start
Cy Schubert
Cy.Schubert at cschubert.com
Sat Sep 7 13:09:25 UTC 2019
In message <20190907075619.GG2559 at kib.kiev.ua>, Konstantin Belousov writes:
> On Sat, Sep 07, 2019 at 12:53:19AM -0700, Harlan Stenn wrote:
> > Cy,
> >
> > On 9/6/2019 4:56 PM, Cy Schubert wrote:
> > > ...
> > >
> > > For those who enable ASLR, a better workaround is, to add this to your
> > > ntp.conf:
> > >
> > > rlimit memlock 64
> > >
> > > Until a more precise default is determined.
> >
> > Should I change the default value for FreeBSD-12 to be 64 for now?
> >
> > I can get this change in place for the upcoming ntp-4.2.8p14 release,
> > and we can change it later if needed.
>
> ASLR is disabled by default, so if anybody tweak a system config, she
> should know better to tweak ntpd as well. I am fine with changing the
> defaults for ntpd, but I think that more useful would be to update
> the documentation (but where to put it ?).
I agree. We should update the documentation for now. 64 MB was my first
successful test but I suspect we can get it lower, like 47 MB. For now we
can update the documentation to say that if a person enables ASLR they must
add this to ntp.conf. I'll find the best number instead of the current
sledgehammer.
Where to put it? I've added it to the ASLR wiki (https://wiki.freebsd.org/AS
LR) for now. An ASLR page should go into the handbook documenting how to
use up ASLR and gotchas like this and mitigations.
64 MB is safe for now. I will do more testing. I think it can go below 47.
My sandbox has been running ntpd all night with 47 so far. I will try lower.
--
Cheers,
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: http://www.FreeBSD.org
The need of the many outweighs the greed of the few.
More information about the freebsd-current
mailing list