Bug 134471 - ntpd loads IPv6 kernel module when it starts
ntpd loads IPv6 kernel module when it starts
Status: CLOSED DUPLICATE of bug 198045
Product: Fedora
Classification: Fedora
Component: initscripts (Show other bugs)
3
All Linux
medium Severity low
: ---
: ---
Assigned To: Bill Nottingham
Brock Organ
:
Depends On:
Blocks: FC5Target
  Show dependency treegraph
 
Reported: 2004-10-03 11:14 EDT by Olivier Benghozi
Modified: 2014-03-16 22:48 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-10 16:39:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Olivier Benghozi 2004-10-03 11:14:20 EDT
Description of problem:
ntpd loads by itself the ipv6 kernel module, potentialy opening a
breach in the system. Initscripts could easyly prevent this by
managing a configuration line in /etc/modprobe.conf.

How reproducible:
Always

Steps to Reproduce:
When ntpd is started at boot, it loads ipv6 kernel module (by the way,
/etc/sysconfig/network can contain NETWORKING_IPV6=no).
Even if no ipv6 server is configured.

Ntpd should not loads ipv6 module by itself.

The problem is that this unexpected loading of ipv6 module creates a
serious problem: since it was not expected that ipv6 was to be
configured on the system, nothing is done to prevent ipv6 address
autoconfiguration or firewalling of ipv6 ports.

Additional info:

Suggestion: network initscripts should put a line
alias net-pf-10 off
in /etc/modprobe.conf by default or at least when NETWORKING_IPV6=no
exists in /etc/sysconfig/network.
Comment 1 Pekka Savola 2004-10-17 06:28:54 EDT
Does the aliasing actually work (anymore, with 2.6 kernels)? -- see 
the comments at:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112535
Comment 2 Matthew Miller 2005-04-26 11:25:38 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 3 Miloslav Trmač 2006-02-28 21:17:08 EST
ntpd is simply creating an PF_INET6 socket, which is a quite reasonable
operation.

With new modutils the equivalent of the alias would be
        install ipv6 /bin/true

Adding/removing this line in modprobe.conf would probably have to be done
in rc.sysinit to avoid such autoloading :(
Comment 4 Bill Nottingham 2006-07-10 16:07:27 EDT

*** This bug has been marked as a duplicate of 198045 ***
Comment 5 Matthew Miller 2006-07-10 16:37:13 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 6 Miloslav Trmač 2006-07-10 16:39:36 EDT

*** This bug has been marked as a duplicate of 198045 ***

Note You need to log in before you can comment on or make changes to this bug.