[time-nuts] future NTP programs...

David C. Partridge david.partridge at perdrix.co.uk
Tue Nov 11 09:04:29 UTC 2014


> it would not be OK to design a daemon which handles the crypto stuff or the control packets in a root-process, those should go in a sandbox.

Absolutely agree, in my previous life in the data security arena (crypto, data security, white hat tester etc..), doing that sort of thing in a privileged process or similar (e.g. kernel) was a seriously discouraged - far too great a risk of compromise.  Keep it all in a user state process with NO write access to anything except the communications port (serial / UDP / TCP / w.h.y.) it is talking on.

Regards,
David Partridge 




More information about the Time-nuts_lists.febo.com mailing list