ntpd.c:
authorFrank Kardel <kardel@ntp.org>
Sun, 4 Feb 2007 17:56:17 +0000 (17:56 +0000)
committerFrank Kardel <kardel@ntp.org>
Sun, 4 Feb 2007 17:56:17 +0000 (17:56 +0000)
  comment clarification about capabilities used

bk: 45c61e41mO4C6Qod5g0YmdXAx81gBw

ntpd/ntpd.c

index bc879666421ed599216bc6bd3d008ba3d7025f4b..b894e71f82c29dc01305ad6960d6102dfb713080 100644 (file)
@@ -931,11 +931,6 @@ getgroup:
                }
        
 #ifndef HAVE_LINUX_CAPABILITIES
-               /*
-                * TODO:
-                * need to add more strategys for other systems that can bind to privileged ports
-                * without being "root"
-                */
                /*
                 * for now assume that the privilege to bind to privileged ports
                 * is associated with running with uid 0 - should be refined on
@@ -951,8 +946,10 @@ getgroup:
 
 #ifdef HAVE_LINUX_CAPABILITIES
                do {
-                       /*  We may be running under non-root uid now, but we still hold full root privileges!
-                        *  We drop all of them, except for the crucial one: cap_sys_time:
+                       /*
+                        *  We may be running under non-root uid now, but we still hold full root privileges!
+                        *  We drop all of them, except for the crucial one or two: cap_sys_time and
+                        *  cap_net_bind_service if doing dynamic interface tracking.
                         */
                        cap_t caps;
                        char *captext = interface_interval ?
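Review bot: The rewritten comment in the second hunk reads as if both capabilities were conditional on dynamic interface tracking, while the `interface_interval ?` selection directly below it suggests that only cap_net_bind_service is. I would word it as `We drop all of them except cap_sys_time; cap_net_bind_service is also kept when interface_interval is non-zero,` and add one line saying why, presumably so that sockets can still be bound to the privileged NTP port on interfaces that appear after the uid switch. Because that capability permits binding any privileged port rather than only NTP's, the comment should also say that it is the broader of the two grants, so a reader auditing the privilege drop knows what the non-root process can still do. The `do {` block and the `captext` initializer continue past the end of the hunk, so the exact capability strings are not visible here.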