[snip]Boris Goldberg wrote:
[snip]
I hate beating a dead horse, but this one needs one more whack.
OpenNTPD runs as a 'daemon,' yes, but it does so using privilege
separation and other goodies. The network code runs as a normal user,
isolated from other users. This is superior to running rdate AS ROOT
from a cronjob. OpenNTPD does not open any TCP or UDP ports by default.
It is true that rdate has about 63% fewer lines of code than ntpd and is
older, and may have had more code audits performed; however, ntpd is new
code, written with security in mind, runs as a normal user (privilege
separated for the most part) and has superior time keeping ability.
Your advice about not running a daemon if it's possible to do the task
otherwise may be true with a (bloated) daemon such as ntp.org ntpd,
however, with OpenNTPD the tables are turned. It is far safer to run
the 'daemon' than to perform the task otherwise.
That being said, it is up to the individual users to decide what to do.
Hopefully the above explanation will help those who don't necessarily
understand the risks of running programs as root vice daemons which
execute code with proper separation of privileges.
-Brian
