authorThomas Deutschmann <whissi@gentoo.org>2019-10-26 19:49:47 +0200
committerThomas Deutschmann <whissi@gentoo.org>2019-10-26 19:50:54 +0200
commitdef2c6ace829ce9e98c8963802a0b3baf916ac72 (patch)
treedcd11221a916fc4b0b9a0bd19a0f295c93190b8b /net-misc/ntpsec/files
parentsys-apps/systemd: revbump for static-libs support (diff)
net-misc/ntpsec: update unit file to avoid CVE-2015-5300
Bug: https://bugs.gentoo.org/697024 Package-Manager: Portage-2.3.78, Repoman-2.3.17 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'net-misc/ntpsec/files')
-rw-r--r--net-misc/ntpsec/files/ntpd-r1.service19
1 files changed, 19 insertions, 0 deletions
diff --git a/net-misc/ntpsec/files/ntpd-r1.service b/net-misc/ntpsec/files/ntpd-r1.service
new file mode 100644
index 000000000000..5da473805aa0
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpd-r1.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Network Time Service
+After=network.target nss-lookup.target
+Conflicts=systemd-timesyncd.service
+
+[Service]
+Type=forking
+PrivateTmp=true
+EnvironmentFile=-/etc/conf.d/ntp
+ExecStart=/usr/sbin/ntpd ${NTPD_OPTS}
+# Specifying -g on the command line allows ntpd to make large adjustments to
+# the clock on boot. However, if Restart=yes is set, a malicious (or broken)
+# server could send the incorrect time, trip the panic threshold, and when
+# ntpd restarts, serve it the incorrect time (which would be accepted).
+Restart=no
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
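Review bot: On the `ExecStart=` line, systemd substitutes the braced `${NTPD_OPTS}` as exactly one argument, so if /etc/conf.d/ntp (not visible here) sets several options, for example `-g` plus a privilege-drop switch, ntpd receives them as a single word rather than as separate switches. The unbraced form `ExecStart=/usr/sbin/ntpd $NTPD_OPTS` is word-split and is presumably what is intended. Separately, the comment refers to `Restart=yes`, which is not a value systemd accepts; wording it as `Restart=always` or `Restart=on-failure` would make the warning match what an admin might actually set. It is also worth confirming that `RemainAfterExit=yes` does not leave the unit reported as active after ntpd exits on the panic threshold, since that exit is the signal an operator needs to see.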