Description of problem: ntpd loads by itself the ipv6 kernel module, potentialy opening a breach in the system. Initscripts could easyly prevent this by managing a configuration line in /etc/modprobe.conf. How reproducible: Always Steps to Reproduce: When ntpd is started at boot, it loads ipv6 kernel module (by the way, /etc/sysconfig/network can contain NETWORKING_IPV6=no). Even if no ipv6 server is configured. Ntpd should not loads ipv6 module by itself. The problem is that this unexpected loading of ipv6 module creates a serious problem: since it was not expected that ipv6 was to be configured on the system, nothing is done to prevent ipv6 address autoconfiguration or firewalling of ipv6 ports. Additional info: Suggestion: network initscripts should put a line alias net-pf-10 off in /etc/modprobe.conf by default or at least when NETWORKING_IPV6=no exists in /etc/sysconfig/network.
Does the aliasing actually work (anymore, with 2.6 kernels)? -- see the comments at: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112535
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
ntpd is simply creating an PF_INET6 socket, which is a quite reasonable operation. With new modutils the equivalent of the alias would be install ipv6 /bin/true Adding/removing this line in modprobe.conf would probably have to be done in rc.sysinit to avoid such autoloading :(
*** This bug has been marked as a duplicate of 198045 ***
Fedora Core 3 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC5 updates or in the FC6 test release, reopen and change the version to match. Thank you!