From: Frank Kardel <kardel@ntp.org>
Date: Sun, 4 Feb 2007 17:56:17 +0000 (+0000)
Subject: ntpd.c:
X-Git-Tag: NTP_4_2_5P6~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e7857bc9ca810f41efbee135473260dad6d583be;p=thirdparty%2Fntp.git

ntpd.c:
  comment clarification about capabilities used

bk: 45c61e41mO4C6Qod5g0YmdXAx81gBw
---

diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index bc8796664..b894e71f8 100644
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -931,11 +931,6 @@ getgroup:
 		}
 	
 #ifndef HAVE_LINUX_CAPABILITIES
-		/*
-		 * TODO:
-		 * need to add more strategys for other systems that can bind to privileged ports
-		 * without being "root"
-		 */
 		/*
 		 * for now assume that the privilege to bind to privileged ports
 		 * is associated with running with uid 0 - should be refined on
@@ -951,8 +946,10 @@ getgroup:
 
 #ifdef HAVE_LINUX_CAPABILITIES
 		do {
-			/*  We may be running under non-root uid now, but we still hold full root privileges!
-			 *  We drop all of them, except for the crucial one: cap_sys_time:
+			/*
+			 *  We may be running under non-root uid now, but we still hold full root privileges!
+			 *  We drop all of them, except for the crucial one or two: cap_sys_time and
+			 *  cap_net_bind_service if doing dynamic interface tracking.
 			 */
 			cap_t caps;
 			char *captext = interface_interval ?