ntpd apparmor rule does not allow reading dhcp based config

Bug #517701 reported by Saku Ytti on 2010-02-05
This bug affects 3 people
Affects Status Importance Assigned to Milestone
ntp (Ubuntu)

Bug Description

Binary package hint: ntp

Configuration file is located in /var/lib/ntp/ntp.conf.dhcp but /etc/apparmor.d/usr.sbin.ntpd does not allow reading it, it does allow reading /etc/ntp.conf.dhcp though, so it is unclear if file is generated in wrong location or if apparmor should allow reading this location, my guess is apparmor should be updated.

ProblemType: Bug
Architecture: amd64
CheckboxSubmission: 27ea4f2fd44978993c33d11dbccf69e2
CheckboxSystem: b845c366ea09c60efa3a45c1b5b21525
Date: Fri Feb 5 19:15:01 2010
DistroRelease: Ubuntu 10.04
NtpStatus: Name or service not known
Package: ntp 1:4.2.4p8+dfsg-1ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-12.16-generic
SourcePackage: ntp
Uname: Linux 2.6.32-12-generic x86_64
mtime.conffile..etc.apparmor.d.usr.sbin.ntpd: 2010-02-05T19:13:57.382066
mtime.conffile..etc.ntp.conf: 2010-02-05T18:34:34.172054

Related branches

CVE References

Saku Ytti (ubuntu-ip) wrote :


On Fri, Feb 05, 2010 at 05:18:48PM -0000, Saku Ytti wrote:
> Configuration file is located in /var/lib/ntp/ntp.conf.dhcp

Which component/process is generating this configuration file?

  status incomplete
  priority low

Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Changed in ntp (Ubuntu):
importance: Undecided → Low
Saku Ytti (ubuntu-ip) wrote :

/etc/dhcp3/dhclient-exit-hooks.d/ntp which ships in ntp package.

John Ferlito (johnf-inodes) wrote :

Looks like the config file was moved a while back but apparmour hasn't been updated

ntp (1:4.2.4p6+dfsg-2) unstable; urgency=medium

  * Fixed typo in ntpdate man page (closes: #526086)
  * Updated standards version
  * Moved .dhcp version of configuration files to /var/lib/ntp and
    /var/lib/ntpdate (closes: #524035)
  * Cleaned up man pages to satisfy lintian's hyphen-used-as-minus-sign
  * Fixed limited buffer overflow in ntpq (CVE-2009-0159) (closes: #525373)
  * Fixed stack buffer overflow in ntpd (CVE-2009-1252) (closes: #525373)
  * Use new status_of_proc function to report status in ntp init script
  * Updated the config.guess/sub handling as recommended by autotools-dev to
    not clutter the diff, added autotools-dev to build dependencies

Chuck Short (zulcss) on 2010-03-19
Changed in ntp (Ubuntu):
status: Incomplete → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.4p8+dfsg-1ubuntu2

ntp (1:4.2.4p8+dfsg-1ubuntu2) lucid; urgency=low

  * debian/apparmor-profile: allow reading of /var/lib/ntp/ntp.conf.dhcp
    (LP: #517701)
 -- Jamie Strandboge <email address hidden> Thu, 08 Apr 2010 16:24:42 -0500

Changed in ntp (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers