Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 134471 - ntpd loads IPv6 kernel module when it starts
Summary: ntpd loads IPv6 kernel module when it starts
Keywords:
Status: CLOSED DUPLICATE of bug 198045
Alias: None
Product: Fedora
Classification: Fedora
Component: initscripts
Version: 3
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks: FC5Target
TreeView+ depends on / blocked
 
Reported: 2004-10-03 15:14 UTC by Olivier Benghozi
Modified: 2014-03-17 02:48 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-07-10 20:39:36 UTC


Attachments (Terms of Use)

Description Olivier Benghozi 2004-10-03 15:14:20 UTC
Description of problem:
ntpd loads by itself the ipv6 kernel module, potentialy opening a
breach in the system. Initscripts could easyly prevent this by
managing a configuration line in /etc/modprobe.conf.

How reproducible:
Always

Steps to Reproduce:
When ntpd is started at boot, it loads ipv6 kernel module (by the way,
/etc/sysconfig/network can contain NETWORKING_IPV6=no).
Even if no ipv6 server is configured.

Ntpd should not loads ipv6 module by itself.

The problem is that this unexpected loading of ipv6 module creates a
serious problem: since it was not expected that ipv6 was to be
configured on the system, nothing is done to prevent ipv6 address
autoconfiguration or firewalling of ipv6 ports.

Additional info:

Suggestion: network initscripts should put a line
alias net-pf-10 off
in /etc/modprobe.conf by default or at least when NETWORKING_IPV6=no
exists in /etc/sysconfig/network.

Comment 1 Pekka Savola 2004-10-17 10:28:54 UTC
Does the aliasing actually work (anymore, with 2.6 kernels)? -- see 
the comments at:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112535

Comment 2 Matthew Miller 2005-04-26 15:25:38 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 3 Miloslav Trmač 2006-03-01 02:17:08 UTC
ntpd is simply creating an PF_INET6 socket, which is a quite reasonable
operation.

With new modutils the equivalent of the alias would be
        install ipv6 /bin/true

Adding/removing this line in modprobe.conf would probably have to be done
in rc.sysinit to avoid such autoloading :(

Comment 4 Bill Nottingham 2006-07-10 20:07:27 UTC

*** This bug has been marked as a duplicate of 198045 ***

Comment 5 Matthew Miller 2006-07-10 20:37:13 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!


Comment 6 Miloslav Trmač 2006-07-10 20:39:36 UTC

*** This bug has been marked as a duplicate of 198045 ***


Note You need to log in before you can comment on or make changes to this bug.