Bug 126360 - init script does ntpdate with -U to drop root priv
Summary: init script does ntpdate with -U to drop root priv
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: ntp
Version: rawhide
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-06-20 05:59 UTC by Jon Smirl
Modified: 2007-11-30 22:10 UTC (History)
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-08-30 11:09:16 UTC
Type: ---
Embargoed:


Description Jon Smirl 2004-06-20 05:59:37 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040211 Firefox/0.8

Description of problem:
In the ntpd init script it does:
/usr/sbin/ntpdate $dropstr -s -b -p 8 $tickers 2>/dev/null >/dev/null

The $dropstr string contains:
-U ntp

This works fine on the standard Red Hat kernel.

On a kernel without SELinux turned on it fails.

debug.5:May 25 17:36:11 smirl ntpdate[3384]: cap_set_proc failed.
debug.5:May 25 17:36:12 smirl ntpd[3389]: cap_set_proc failed.

Workaround is to remove $dropstr on non-SE kernels.


Version-Release number of selected component (if applicable):
ntp-4.2.0-8

How reproducible:
Always

Comment 1 Josh Rollyson 2004-06-21 03:46:37 UTC
IIRC, this can be done with a non-selinux-enabled kernel, but
CAP_SETPCAP may need to have been unmasked in the kernel source
(include/linux/capability.h iirc)

If you test, you'll probably want to test for the presence of
capability flags, rather than for specific patches.


Comment 2 Harald Hoyer 2004-07-13 15:47:13 UTC
does loading the 'capability' module solve your problem?


Comment 3 Harald Hoyer 2004-07-13 15:47:27 UTC
see #101393

Comment 4 Jon Smirl 2004-07-15 04:37:17 UTC
I believe the 'capabilities' module is a 2.4 feature. I looked around
in the 2.6 tree and couldn't find anything by that name. I have the
'default' security model turned on. If I turn on 'selinux' the problem
goes away. The problem is still there with kernel 2.6.8-rc1.

I suspect ntpd -U is using a SELinux feature that is not there in a
standard kernel.

To change your kernel security mode, make xconfig, select security,
select enable different security mode, pick default instead of se.

Comment 5 Harald Hoyer 2004-08-30 11:09:16 UTC
Capabilities are present in the kernel 2.6 and are essential for Red
Hat's security model. Without capabilities ntp cannot drop root
rights, so you have to remove the command line parameters yourself. Sorry!
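
The thread above turns on what ntpdate's -U option does and why it logs "cap_set_proc failed" on a kernel whose security model offers no working capability support. The following program is an added example, not ntpdate's or Fedora's code: it performs the same kind of privilege drop (keep permitted capabilities across setuid, switch to an unprivileged user, then re-raise only CAP_SYS_TIME) using the raw capset(2) syscall so that no libcap is required, and it surfaces the capset failure as a distinct result instead of silently continuing as root. The target uid/gid 65534 (conventionally "nobody") and the enum and function names are assumptions made for this example.

```c
/* Added example (not ntpdate's own code): drop root to an unprivileged user
 * while keeping CAP_SYS_TIME, as ntpdate -U does, and report a capset failure
 * (the "cap_set_proc failed" case from the bug) as its own outcome.
 * Assumes Linux; uses syscall(SYS_capset) directly so libcap is not needed. */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/capability.h>

enum drop_result {
    DROP_OK,                /* now unprivileged, holding only the requested cap */
    DROP_SKIPPED_NOT_ROOT,  /* not root to begin with: nothing to drop */
    DROP_SETID_FAILED,      /* setgroups/setgid/setuid refused */
    DROP_CAPSET_FAILED      /* prctl or capset refused: no usable capability support */
};

/* Set one capability in the permitted and effective words of a v3 capset array. */
static void cap_data_set(struct __user_cap_data_struct d[2], int cap) {
    d[CAP_TO_INDEX(cap)].permitted |= CAP_TO_MASK(cap);
    d[CAP_TO_INDEX(cap)].effective |= CAP_TO_MASK(cap);
}

/* Test whether a capability is in the permitted word of a v3 capset array. */
static int cap_data_has(const struct __user_cap_data_struct d[2], int cap) {
    return (d[CAP_TO_INDEX(cap)].permitted & CAP_TO_MASK(cap)) != 0;
}

enum drop_result drop_to_user_keep_cap(uid_t uid, gid_t gid, int cap) {
    if (geteuid() != 0)
        return DROP_SKIPPED_NOT_ROOT;

    /* Without KEEPCAPS, setuid() to a non-zero uid clears the permitted set,
     * and there would be nothing left to re-raise afterwards. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
        return DROP_CAPSET_FAILED;

    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) == -1 || setgid(gid) == -1 || setuid(uid) == -1)
        return DROP_SETID_FAILED;

    /* The uid change cleared the effective set; put back exactly one cap. */
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    memset(data, 0, sizeof data);
    cap_data_set(data, cap);

    /* This is the step that corresponds to ntpdate's cap_set_proc(); on a
     * kernel whose security model lacks capability support it fails here. */
    if (syscall(SYS_capset, &hdr, data) == -1)
        return DROP_CAPSET_FAILED;

    prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);  /* no longer needed after the drop */
    return DROP_OK;
}

int main(void) {
    /* 65534 is assumed to be "nobody"; a real service would look up its own account. */
    enum drop_result r = drop_to_user_keep_cap(65534, 65534, CAP_SYS_TIME);
    static const char *names[] = { "ok", "skipped (not root)",
                                   "setgroups/setgid/setuid failed", "capset failed" };
    if (r == DROP_OK || r == DROP_SKIPPED_NOT_ROOT)
        fprintf(stderr, "privilege drop: %s\n", names[r]);
    else
        fprintf(stderr, "privilege drop: %s: %s\n", names[r], strerror(errno));
    return r == DROP_OK ? 0 : 1;
}
```

Run as root on a kernel with working capabilities it exits 0 with the process owned by uid 65534 and only CAP_SYS_TIME permitted; run unprivileged it reports "skipped (not root)". The distinct DROP_CAPSET_FAILED result is the point an init script would want: it is the condition under which ntp has to be started without $dropstr, as the maintainer says above, and a wrapper can branch on it rather than on the presence of a specific kernel patch.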

