[time-nuts] future NTP programs...
David C. Partridge
david.partridge at perdrix.co.uk
Tue Nov 11 04:04:29 EST 2014
> it would not be OK to design a daemon which handles the crypto stuff or the control packets in a root-process, those should go in a sandbox.
Absolutely agree, in my previous life in the data security arena (crypto, data security, white hat tester etc..), doing that sort of thing in a privileged process or similar (e.g. kernel) was a seriously discouraged - far too great a risk of compromise. Keep it all in a user state process with NO write access to anything except the communications port (serial / UDP / TCP / w.h.y.) it is talking on.
Regards,
David Partridge
More information about the time-nuts
mailing list