the main process must chdir to /, since it cannot have daemon() do the

job at startup.  After much anguish I accept dlg's solution of chdir
for the problem ("starting ntpd on a filesystem I want to unmount"),
but we cannot change the main-process daemon() call.  Why?  Because
the ntpd privsep design predates more modern designs where the config
file is parsed once, and configuration marshalled to the fork+exec
children.  Instead each ntpd process re-parses the config, and if
we chdir before fork+exec startup, it will move the basedir causing
-f "relativepath" to fail.

discussed with florian

diff --git a/usr.sbin/ntpd/ntpd.c b/usr.sbin/ntpd/ntpd.c
index cb6bc13..c646ec3 100644 (file)
--- a/usr.sbin/ntpd/ntpd.c
+++ b/usr.sbin/ntpd/ntpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ntpd.c,v 1.116 2018/08/08 22:56:42 deraadt Exp $ */
+/*     $OpenBSD: ntpd.c,v 1.117 2018/08/31 18:45:02 deraadt Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -220,6 +220,9 @@ main(int argc, char *argv[])
            pipe_chld) == -1)
                fatal("socketpair");
 
+       if (chdir("/") == -1)
+               fatal("chdir(\"/\")");
+
        signal(SIGCHLD, sighdlr);
 
        /* fork child process */