Ubuntu
ntp package

ntpd apparmor rule does not allow reading dhcp based config

Bug #517701 reported by Saku Ytti
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ntp (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

Binary package hint: ntp

Configuration file is located in /var/lib/ntp/ntp.conf.dhcp but /etc/apparmor.d/usr.sbin.ntpd does not allow reading it, it does allow reading /etc/ntp.conf.dhcp though, so it is unclear if file is generated in wrong location or if apparmor should allow reading this location, my guess is apparmor should be updated.

ProblemType: Bug
Architecture: amd64
CheckboxSubmission: 27ea4f2fd44978993c33d11dbccf69e2
CheckboxSystem: b845c366ea09c60efa3a45c1b5b21525
Date: Fri Feb 5 19:15:01 2010
DistroRelease: Ubuntu 10.04
NtpStatus: Name or service not known
Package: ntp 1:4.2.4p8+dfsg-1ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-12.16-generic
SourcePackage: ntp
Uname: Linux 2.6.32-12-generic x86_64
mtime.conffile..etc.apparmor.d.usr.sbin.ntpd: 2010-02-05T19:13:57.382066
mtime.conffile..etc.ntp.conf: 2010-02-05T18:34:34.172054

Related branches

lp:ubuntu/maverick/ntp

CVE References

Revision history for this message
Saku Ytti (ubuntu-ip) wrote :
Revision history for this message
Mathias Gug (mathiaz) wrote : Re: [Bug 517701] [NEW] ntpd apparmor rule does not allow reading dhcp based config

Hi,

On Fri, Feb 05, 2010 at 05:18:48PM -0000, Saku Ytti wrote:
>
> Configuration file is located in /var/lib/ntp/ntp.conf.dhcp

Which component/process is generating this configuration file?

  status incomplete
  priority low

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Changed in ntp (Ubuntu):
importance: Undecided → Low
Revision history for this message
Saku Ytti (ubuntu-ip) wrote :

/etc/dhcp3/dhclient-exit-hooks.d/ntp which ships in ntp package.

Revision history for this message
John Ferlito (johnf-inodes) wrote :

Looks like the config file was moved a while back but apparmour hasn't been updated

ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium

  * Fixed typo in ntpdate man page (closes: #526086)
  * Updated standards version
  * Moved .dhcp version of configuration files to /var/lib/ntp and
    /var/lib/ntpdate (closes: #524035)
  * Cleaned up man pages to satisfy lintian's hyphen-used-as-minus-sign
    complaint
  * Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373)
  * Fixed stack buffer overflow in ntpd (CVE-2009-1252) (closes: #525373)
  * Use new status_of_proc function to report status in ntp init script
  * Updated the config.guess/sub handling as recommended by autotools-dev to
    not clutter the diff, added autotools-dev to build dependencies

Chuck Short (zulcss)
Changed in ntp (Ubuntu):
status: Incomplete → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.4p8+dfsg-1ubuntu2

---------------
ntp (1:4.2.4p8+dfsg-1ubuntu2) lucid; urgency=low

  * debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp
    (LP: #517701)
 -- Jamie Strandboge <email address hidden> Thu, 08 Apr 2010 16:24:42 -0500

Changed in ntp (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.