Bug 134471 - ntpd loads IPv6 kernel module when it starts
Summary: ntpd loads IPv6 kernel module when it starts
Status: CLOSED DUPLICATE of bug 198045
Alias: None
Product: Fedora
Classification: Fedora
Component: initscripts   
(Show other bugs)
Version: 3
Hardware: All Linux
medium
low
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FC5Target
TreeView+ depends on / blocked
 
Reported: 2004-10-03 15:14 UTC by Olivier Benghozi
Modified: 2014-03-17 02:48 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-07-10 20:39:36 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Olivier Benghozi 2004-10-03 15:14:20 UTC
Description of problem:
ntpd loads by itself the ipv6 kernel module, potentialy opening a
breach in the system. Initscripts could easyly prevent this by
managing a configuration line in /etc/modprobe.conf.

How reproducible:
Always

Steps to Reproduce:
When ntpd is started at boot, it loads ipv6 kernel module (by the way,
/etc/sysconfig/network can contain NETWORKING_IPV6=no).
Even if no ipv6 server is configured.

Ntpd should not loads ipv6 module by itself.

The problem is that this unexpected loading of ipv6 module creates a
serious problem: since it was not expected that ipv6 was to be
configured on the system, nothing is done to prevent ipv6 address
autoconfiguration or firewalling of ipv6 ports.

Additional info:

Suggestion: network initscripts should put a line
alias net-pf-10 off
in /etc/modprobe.conf by default or at least when NETWORKING_IPV6=no
exists in /etc/sysconfig/network.

Comment 1 Pekka Savola 2004-10-17 10:28:54 UTC
Does the aliasing actually work (anymore, with 2.6 kernels)? -- see 
the comments at:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112535

Comment 2 Matthew Miller 2005-04-26 15:25:38 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 3 Miloslav Trmač 2006-03-01 02:17:08 UTC
ntpd is simply creating an PF_INET6 socket, which is a quite reasonable
operation.

With new modutils the equivalent of the alias would be
        install ipv6 /bin/true

Adding/removing this line in modprobe.conf would probably have to be done
in rc.sysinit to avoid such autoloading :(

Comment 4 Bill Nottingham 2006-07-10 20:07:27 UTC

*** This bug has been marked as a duplicate of 198045 ***

Comment 5 Matthew Miller 2006-07-10 20:37:13 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!


Comment 6 Miloslav Trmač 2006-07-10 20:39:36 UTC

*** This bug has been marked as a duplicate of 198045 ***


Note You need to log in before you can comment on or make changes to this bug.