[pkg-ntp-maintainers] Bug#793745: [PATCH] I'm seeing it too.

Sun Aug 2 19:22:27 UTC 2015

Since I run a pool server, I have a customized config.  That means that
I have the pool servers commented out, and the comment on the rlimit
command says it's not needed in that case, so I left it out of my config.

And ran into the same problem.

Really, ntpd should make calls like getpwuid() before calling mlock,
This requires breaking -u option processing has to be broken into
two phases (since you can't mlock after changing uid), but it's not that
hard.  Appended is a (working for me) patch to do just that.

The mlockall() fails because it exceeds the available limit, but ntpd
just logs the error and continues.  In the original, earlier location
it succeeds, but then later allocations fail due to the same limit.
diff -ru ntp-4.2.8p3+dfsg.orig/ntpd/ntpd.c ntp-4.2.8p3+dfsg/ntpd/ntpd.c

--- ntp-4.2.8p3+dfsg.orig/ntpd/ntpd.c	2015-08-01 22:46:20.000000000 -0400
+++ ntp-4.2.8p3+dfsg/ntpd/ntpd.c	2015-08-02 14:53:20.879051191 -0400
@@ -792,37 +792,6 @@
 	 */
 	getconfig(argc, argv);
 
-	if (do_memlock) {
-# if defined(HAVE_MLOCKALL)
-		/*
-		 * lock the process into memory
-		 */
-		if (!HAVE_OPT(SAVECONFIGQUIT) &&
-		    0 != mlockall(MCL_CURRENT|MCL_FUTURE))
-			msyslog(LOG_ERR, "mlockall(): %m");
-# else	/* !HAVE_MLOCKALL follows */
-#  ifdef HAVE_PLOCK
-#   ifdef PROCLOCK
-		/*
-		 * lock the process into memory
-		 */
-		if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(PROCLOCK))
-			msyslog(LOG_ERR, "plock(PROCLOCK): %m");
-#   else	/* !PROCLOCK follows  */
-#    ifdef TXTLOCK
-		/*
-		 * Lock text into ram
-		 */
-		if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(TXTLOCK))
-			msyslog(LOG_ERR, "plock(TXTLOCK) error: %m");
-#    else	/* !TXTLOCK follows */
-		msyslog(LOG_ERR, "plock() - don't know what to lock!");
-#    endif	/* !TXTLOCK */
-#   endif	/* !PROCLOCK */
-#  endif	/* HAVE_PLOCK */
-# endif	/* !HAVE_MLOCKALL */
-	}
-
 	loop_config(LOOP_DRIFTINIT, 0);
 	report_event(EVNT_SYSRESTART, NULL, NULL);
 	initializing = FALSE;
@@ -931,6 +900,49 @@
 				exit (-1);
 			}
 		}
+	}
+# endif /* HAVE_DROPROOT */
+
+	/*
+	 * DROPROOT is divided into two phases.  Gathering information
+	 * is done before locking us into memory, since /etc/nsswitch.conf
+	 * can mess with our address space.  Actually dropping privileges
+	 * is done after.  (We can chroot() before, since the mlock()
+	 * system call doesn't depend on that.)
+	 */
+	if (do_memlock) {
+# if defined(HAVE_MLOCKALL)
+		/*
+		 * lock the process into memory
+		 */
+		if (!HAVE_OPT(SAVECONFIGQUIT) &&
+		    0 != mlockall(MCL_CURRENT|MCL_FUTURE))
+			msyslog(LOG_ERR, "mlockall(): %m");
+# else	/* !HAVE_MLOCKALL follows */
+#  ifdef HAVE_PLOCK
+#   ifdef PROCLOCK
+		/*
+		 * lock the process into memory
+		 */
+		if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(PROCLOCK))
+			msyslog(LOG_ERR, "plock(PROCLOCK): %m");
+#   else	/* !PROCLOCK follows  */
+#    ifdef TXTLOCK
+		/*
+		 * Lock text into ram
+		 */
+		if (!HAVE_OPT(SAVECONFIGQUIT) && 0 != plock(TXTLOCK))
+			msyslog(LOG_ERR, "plock(TXTLOCK) error: %m");
+#    else	/* !TXTLOCK follows */
+		msyslog(LOG_ERR, "plock() - don't know what to lock!");
+#    endif	/* !TXTLOCK */
+#   endif	/* !PROCLOCK */
+#  endif	/* HAVE_PLOCK */
+# endif	/* !HAVE_MLOCKALL */
+	}
+
+# ifdef HAVE_DROPROOT
+	if (droproot) {
 #  ifdef HAVE_SOLARIS_PRIVS
 		if ((lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) {
 			msyslog(LOG_ERR, "priv_str_to_set() failed:%m");
Only in ntp-4.2.8p3+dfsg/ntpd: ntpd.c.orig

