Ubuntu

IPv6 cannot be disabled on Jaunty

Reported by Augusto Santos on 2009-03-30
326
This bug affects 10 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Jaunty
Medium
Stefan Bader
Karmic
Medium
Unassigned

Bug Description

SRU Justification:

Impact: The method to disable IPV6 in Jaunty does not work, which does not allow systgem administrators to disable it on specific systems.

Fix: Patch from upstream which fixes the disable_ipv6 method.

Testcase: Try to disable ipv6 for a system with echo 1 >/proc/sys/net/ipv6/conf/all/disable_ipv6

=====

When using sysctl to disable IPv6, it doesn't work. The command I used is the following:
sysctl -w net.ipv6.conf.all.disable_ipv6=1

Looking around it seens this a bug in the linux kernel, which already has a fix, as described here: http://patchwork.ozlabs.org/patch/24127/

Please, backport this patch so IPv6 can easily be disabled on Jaunty!

I'm running Jaunty beta, updated as of 29/03/2009. Any details needed I'll be glad to provide.

67GTA (shawnr-wildblue) wrote :

There is a patch to correct this: http://patchwork.ozlabs.org/patch/24127/

Ancoron Luziferis (ancoron) wrote :

Can confirm this in the final version.

Kernel 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009.

Augusto Santos (mkhaos7) on 2009-05-11
Changed in linux (Ubuntu):
status: New → Confirmed
Jonas (jojje) wrote :

What's the schedule for making this fix available in the the Jaunty apt-repository?
Will it be included in linux-image-2.6.28-12 kernels?

joshis (joshis-czech) wrote :

joshis@joshis-desktop:~$ uname -a
Linux joshis-desktop 2.6.28-13-generic #44-Ubuntu SMP Tue Jun 2 07:55:09 UTC 2009 x86_64 GNU/Linux

Still present here - I am also interested about when the fix is delivered. :o(

Jamie Strandboge (jdstrand) wrote :

Another patch which is likely desirable to go with this one is:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe7ca2e1e847b65c12d245cbf402af89da96888a

This should allow "ipv6.disable=1" to work on the kernel command line. This is not need in Karmic, only Jaunty.

security vulnerability: no → yes
summary: - sysctl doesn't disable IPv6 on Jaunty
+ IPv6 cannot be disabled on Jaunty
Changed in linux (Ubuntu):
importance: Undecided → High
importance: High → Medium
Changed in linux (Ubuntu Jaunty):
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

Karmic is at 2.6.31 which is not affected.

Changed in linux (Ubuntu Karmic):
status: Confirmed → Invalid
Changed in linux (Ubuntu Jaunty):
importance: Undecided → Medium
Jonas (jojje) wrote :

Jamie, why hasn't the patch you linked to @ #5 been applied yet to the Jaunty kernel?
It applies as linked hunked with 104 line offset which should make applying it to the main line kernel a 5 minute job.
I'd wager it's taken you longer to change the status of this ticket back and fort:)

What's the hold up? Any status update would be greatly appreciated.

Jamie Strandboge (jdstrand) wrote :

This should be in the next security update for Jaunty's kernel.

Changed in linux (Ubuntu Jaunty):
assignee: nobody → Stefan Bader (stefan-bader-canonical)
pet (pet-mueller1) wrote :

one of the most annoying failures in ubuntu. after so many years and releases it is still a hot topic and will probably not been solved in future releases too. on for this 100 failure list. i can't belive it, it does stress me every day. thanks

description: updated
Stefan Bader (smb) on 2009-08-05
Changed in linux (Ubuntu Jaunty):
status: Triaged → Fix Committed
Martin Pitt (pitti) wrote :

Accepted linux into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed

Confirmed, adding 'ipv6.disable=1' to the kernel line now disabled ipv6. Thank you!

Martin Pitt (pitti) on 2009-09-03
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.28-15.52

---------------
linux (2.6.28-15.52) jaunty-proposed; urgency=low

  [ Stefan Bader ]

  * Revert "SAUCE: ACPI: Populate DIDL before registering ACPI video device
    on Intel"
    - LP: #423296
  * SAUCE: Allow less restrictive acpi video detection
    - LP: #333386

  [ Upstream Kernel Changes ]

  * include drivers/pci/hotplug/* in -virtual package
    - LP: #364916
  * ext4: don't call jbd2_journal_force_commit_nested without journal
    - LP: #418197
  * ext4: fix ext4_free_inode() vs. ext4_claim_inode() race
    - LP: #418197
  * ext4: fix bogus BUG_ONs in in mballoc code
    - LP: #418197
  * ext4: fix typo which causes a memory leak on error path
    - LP: #418197
  * ext4: Fix softlockup caused by illegal i_file_acl value in on-disk
    inode
    - LP: #418197
  * ext4: Fix sub-block zeroing for writes into preallocated extents
    - LP: #418197
  * jbd2: Call journal commit callback without holding j_list_lock
    - LP: #418197
  * ext4: Print the find_group_flex() warning only once
    - LP: #367065
  * ext4: really print the find_group_flex fallback warning only once
    - LP: #367065

linux (2.6.28-15.51) jaunty-proposed; urgency=low

  [ Colin Ian King ]

  * SAUCE: wireless: hostap, fix oops due to early probing interrupt
    - LP: #254837

  [ Leann Ogasawara ]

  * Add the atl1c driver to support Atheros AR8132
    - LP: #415358
  * Updating configs to enable the atl1c driver
    - LP: #415358

  [ Stefan Bader ]

  * Revert "SAUCE: input: Blacklist digitizers from joydev.c"
    - LP: #300143
  * SAUCE: Fix the exported name for e1000e-next
    - LP: #402890
  * SAUCE: Fix incorrect stable backport to bas_gigaset
    - LP: #417732
  * SAUCE: Remove the atl2 driver from the ubuntu subdirectory
    - LP: #419438

linux (2.6.28-15.50) jaunty-proposed; urgency=low

  [ Colin Ian King ]

  * SAUCE: radio-maestro: fix panics on probe failure
    - LP: #357724
  * SAUCE: HDA Intel, sigmatel: Enable speakers on HP Mini 1000
    - LP: #318942

  [ Jerone Young ]

  * SAUCE: Fix Soltech TA12 volume hotkeys not sending key release in
    Jaunty
    - LP: #397499

  [ John Johansen ]

  * SAUCE: remove AppArmor debug check for calls from interrupt context
    - LP: #350789

  [ Manoj Iyer ]

  * SAUCE: Fix kernel panic when SELinux is enabled.
    - LP: #395219

  [ Matthew Garrett ]

  * SAUCE: ACPI: Populate DIDL before registering ACPI video device on
    Intel

  [ Michael Frey (Senior Manager, MID ]

  * SAUCE: Fix for internal microphone for Dell Mini10V
    - LP: #394793

  [ Tim Gardner ]

  * SAUCE: Added e1000e from sourceforge.
    - LP: #402890

  [ Upstream Kernel Changes ]

  * Input: synaptics - report multi-taps only if supported by the device
    - LP: #399787
  * ftdi_sio: fix kref leak
    - LP: #396930, #376128
  * IPv6: add "disable" module parameter support to ipv6.ko
    - LP: #351656

 -- Stefan Bader <email address hidden> Thu, 27 Aug 2009 15:09:06 +0200

Changed in linux (Ubuntu Jaunty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers