using chroot option for ntpd

stan stan at saticed.me.uk
Fri Jul 22 09:43:23 CDT 2005


On Fri, 2005-07-22 at 10:17 +0200, Martin Pitt wrote:
> stan [2005-07-22  8:32 +0100]:
> > ntpd has a -i option to chroot itself, which the ntp-simple package
> > isn't using.  Is it worthwhile using it given that it does switch to a
> > non root/restricted user?
> 
> With the current default Linux kernel, chroots do nothing to improve
> security.

Could you provide any pointers on this?  Googling only indicates issues
if root privileges are able to be obtained in the chroot.

>  ntpd runs as normal user, so it already has only minimal
> privileges, and can't do anything serious on the hard disk anyway. So
> what would be the benefit of chrooting it?

Sounds like none, but I thought the chroot would stop access to
e.g. /etc/passwd, which would provide a username for a dictionary-based
attack.  Of course this is moot if the ntp user can escape the chroot as
easily as root is able to.



