apparmor prevents ntp from reading gpsd

Bug #722815 reported by John Nogatch
This bug affects 2 people
Affects: ntp (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Kees Cook
Milestone: (not set)

Bug Description

Binary package hint: ntp

Ubuntu 10.10
ntp 1:4.2.4p8+dfsg-1ubuntu6

With gpsd installed and a USB GPS device plugged in, xgps shows that GPS data is available, but "ntpq -p" does not display it. "server" and "fudge" lines had already been added to /etc/ntp.conf & ntp restarted.

/etc/apparmor.d/usr.sbin.ntpd needs to have 1 line added, "capability ipc_owner," (after the line "capability ipc_lock,") and then apparmor and ntp need to be restarted. "ntpq -p" then shows the time obtained from the GPS.

The man page for shmat(2) indicates that EACCES is returned if the process lacks CAP_IPC_OWNER. Perhaps if ntp requested access with SHM_RDONLY, owner capability might not be required? Does adding "capability ipc_owner," open a security hole?
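An added example, not code from the report or from ntpd or gpsd: a small C program that reproduces the shmat(2) behaviour the question above turns on. It creates a segment the caller may read but not write, attaches it once with SHM_RDONLY and once read-write, and checks whether the running process holds CAP_IPC_OWNER (assumed Linux; the capability is read from the CapEff line of /proc/self/status).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#define SHM_UNAVAILABLE (-1)  /* shmget failed: SysV IPC not usable here */
#define CAP_IPC_OWNER_BIT 15  /* CAP_IPC_OWNER in <linux/capability.h> */

/* 1 if CAP_IPC_OWNER is in this process's effective set (Linux: CapEff
 * line of /proc/self/status); 0 otherwise or if the file is missing. */
int has_cap_ipc_owner(void) {
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    unsigned long long caps = 0;
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &caps) == 1)
            break;
    fclose(f);
    return (int)((caps >> CAP_IPC_OWNER_BIT) & 1);
}

/* Create a private segment the owner may read but not write (mode 0400),
 * attach it with shmflg (0 or SHM_RDONLY) and remove it again. Returns 0
 * on success, the shmat errno on failure, or SHM_UNAVAILABLE. */
int attach_readonly_segment(int shmflg) {
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0400), rc = 0;
    if (id == -1)
        return SHM_UNAVAILABLE;
    void *p = shmat(id, NULL, shmflg);
    if (p == (void *)-1)
        rc = errno;               /* EACCES unless CAP_IPC_OWNER is held */
    else
        shmdt(p);
    shmctl(id, IPC_RMID, NULL);   /* segment is freed once detached */
    return rc;
}

int main(void) {
    int ro = attach_readonly_segment(SHM_RDONLY);
    int rw = attach_readonly_segment(0);
    printf("CAP_IPC_OWNER held: %s\n", has_cap_ipc_owner() ? "yes" : "no");
    printf("read-only attach:   %s\n", ro ? strerror(ro) : "ok");
    printf("read-write attach:  %s\n", rw ? strerror(rw) : "ok");
    return 0;
}
```

Without the capability the read-write attach fails with EACCES, which is the case ntpd is in, since it writes to the segment rather than only reading it; with the capability the permission bits are bypassed for every segment on the system, which is why granting it in the profile is a broad change.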

Changed in ntp (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
John Nogatch (jnogatch) wrote :

My previous patch file was made incorrectly. This new patch file has the files in correct order, with full pathname.

tags: added: patch
Lefteris (lefterists) wrote :

A quick hack (not recommended though as it most likely gives ntpd access to shm and opens up a security hole) is to edit /etc/apparmor.d/tunables/ntpd and use:

@{NTPD_DEVICE}="/proc/sysvipc/shm"

Kees Cook (kees) wrote :

Thanks for tracking this down! Unfortunately, ipc_owner is a rather strong capability (allows access to all shared memory), and it looks like ntpd expects to actually write to the memory region (e.g. "shm->valid = 0" is in the code), so SHM_RDONLY doesn't seem viable either. Instead, I've added a note to the AppArmor profile itself pointing people to the right option if they want to enable it for their local system (since it doesn't seem appropriate to do this by default for all ntpd users).

Changed in ntp (Ubuntu):
status: Confirmed → Fix Committed
assignee: nobody → Kees Cook (kees)
importance: Low → Wishlist
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.6.p2+dfsg-1ubuntu5

---------------
ntp (1:4.2.6.p2+dfsg-1ubuntu5) natty; urgency=low

  * debian/apparmor-profile: add note about using shared memory for
    a clock source (LP: #722815).
 -- Kees Cook <email address hidden> Thu, 10 Mar 2011 12:54:59 -0800

Changed in ntp (Ubuntu):
status: Fix Committed → Fix Released