Bug 34351 - [W/ FIX] Broken ntp programs (ntpq, ntpd, ...) which hang on network access on alpha 164LX when using access control
Summary: [W/ FIX] Broken ntp programs (ntpq, ntpd, ...) which hang on network access o...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ntp
Version: 7.0
Hardware: alpha
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Preston Brown
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-04-02 15:08 UTC by Paul Millar
Modified: 2007-04-18 16:32 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-04-02 15:08:18 UTC
Embargoed:

Attachments (Terms of Use)

Description Paul Millar 2001-04-02 15:08:14 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.17-14 alpha; en-US; 0.8)
Gecko/20010217


Using package ntp with md5 hash:

ntp-4.0.99j-7.alpha.rpm: B4 32 03 78 86 4F 18 A3  7D 96 FE 6E B3 F7 D9 E4

ntpd apparently starts from init.d scripts fine, except for the syslog entry:

Apr  2 15:12:12 xxxxxxxx ntpd[5754]: 0.0.0.0 is inappropriate address for
the fudge command, line ignored

(the fudge command exists in /etc/ntp.conf, but is not set to the 0.0.0.0
address)

With an everything-allowed access policy, it works. With a deny-by-default
access policy, "ntpq -p" hangs with the following message:

127.0.0.1: timed out, nothing received
***Request timed out

despite having expicit allow access lines for both 127.0.0.1 and the
machines ethernet IP address. Similar problems occur when using the ntpdc
and ntptrace programs.


Reproducible: Always
Steps to Reproduce:
1.rpm -Uvh --force ntp-4.0.99j-7.alpha.rpm
2.Add a few servers and the lines:
     restrict default allow
     restrict 127.0.0.1
  to the top of the file /etc/ntp.conf
3./etc/rc.d/init.d/ntpd start
4.ntpq -p
5.Change "restrict default allow" to "restrict default ignore"
6./etc/rc.d/init.d/ntpd restart
7.ntpq -p
	

Actual Results:  output from step 4:
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.0.0.0         0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 xxx.xxxxxxx.gla maverick.mcc.ac  3 u   51   64    3    0.337    2.150   0.001
 xxxxx.xxxxxxx.g maverick.mcc.ac  3 u   20   64    3    0.245   -3.906   0.001
 xxxxx.xxxxxxx.g veracity.mcc.ac  3 u   13   64    3    0.280    3.043   0.003

output from step7:

127.0.0.1: timed out, nothing received
***Request timed out


Expected Results: 

step 4 produces correct output, step 7 should produce the following output
(as we haven't allowed access from our servers):
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 LOCAL(0)        LOCAL(0)        10 l   39   64    3    0.000    0.000   0.000
 xxx.xxxxxxx.gla 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 xxxxx.xxxxxxx.g 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00
 xxxxx.xxxxxxx.g 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00


FIX: recompile from the Source RPM using gcc-2.96-69. Install (using
--force option) and restart server.

Although I've tagged this bug's severity as Security, it's a minor one.
Without an access policy, unauthorised machines can alter you machines'
concept of time. This is unlikely, in itself, to be a security problem, but
it may prove "useful" when combined with other attacks.

NB this style of bug (network access on Alpha 164LX) is common to other
bugs (gdm-xdmcp, samba) which are also solved by recompiling with gcc-2.96-69.
Comment 1 Preston Brown 2001-04-03 16:25:44 UTC 
NTP in 7.1 has been recompiled with the newer compiler release.  These packages
are available via rawhide, and will of course also be in the next release.
Note You need to log in before you can comment on or make changes to this bug.