[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6

---
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.6) trusty; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
    - debian/patches/use-after-free-in-routing-socket.patch:
      fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers  Thu, 29 Oct 2015 09:34:22 -0400

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title: NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
This bug was fixed in the package ntp - 1:4.2.6.p3+dfsg-1ubuntu3.7

---
ntp (1:4.2.6.p3+dfsg-1ubuntu3.7) precise; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
    - debian/patches/use-after-free-in-routing-socket.patch:
      fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers  Thu, 29 Oct 2015 09:47:20 -0400

** Changed in: ntp (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** Changed in: ntp (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title: NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu6.3

---
ntp (1:4.2.6.p5+dfsg-3ubuntu6.3) vivid; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
    - debian/patches/use-after-free-in-routing-socket.patch:
      fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers  Thu, 29 Oct 2015 09:18:12 -0400

** Changed in: ntp (Ubuntu Vivid)
       Status: Fix Committed => Fix Released
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Tags removed: verification-needed
** Tags added: verification-done
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Tags removed: verification-done
** Tags added: verification-done-trusty verification-needed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Tags removed: verification-needed
** Tags added: verification-done
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
I've been using the -proposed package on 15 Trusty machines since it was published. Again, I never was able to reproduce the original problem but I saw no regression either.
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Hello Eric, or anyone else affected,

Accepted ntp into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: ntp (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags removed: verification-done
** Tags added: verification-needed

** Changed in: ntp (Ubuntu Precise)
       Status: In Progress => Fix Committed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Hello Eric, or anyone else affected,

Accepted ntp into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu6.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: ntp (Ubuntu Vivid)
       Status: In Progress => Fix Committed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
sponsored to precise/trusty/vivid (though I'm unsure vivid is useful since it's not the current stable)
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Tags added: sts
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Patch removed: "debdiff for precise"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff

** Patch removed: "debdiff for trusty"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff

** Patch removed: "debdiff for vivid"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Here is the rebase debdiff for Precise

** Patch added: "Rebase Precise debdiff"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508496/+files/lp1481388_rebase_precise.debdiff
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Here is the rebase debdiff for Vivid

** Patch added: "Rebase Vivid debdiff"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508498/+files/lp1481388_rebase_vivid.debdiff
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Here is the rebase debdiff for Trusty

** Patch added: "Rebase Trusty debdiff"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508494/+files/lp1481388_rebase_trusty.debdiff
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Hi Mathew,

I have the knowledge of the code, I will rebase the debdiffs for V/T/P

Note: I checked and Xenial has the patch already.
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Tags removed: verification-needed
** Tags added: verification-done
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Eric, I've been running the proposed version on many systems and haven't found any regression. Do you think this would be ready to move on to -updates now?
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Good evening Chris,

This bug has been brought to my attention by someone in the community. Unfortunately, I never had a confirmation from him if the fix solves his issue or not... but as stated in comment #5 & #11, I've been able to reproduce the problem and make sure it addressed the situation.

The reproducer is basically to lower down the value of "net.core.[m-r]mem_default" and adding multiple network interfaces + static route.

FYI, the same fix has been also applied in Debian ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315

Let me know if you need anything else.

Thanks!
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Has anyone who was able to reproduce the original crash tested the packages from trusty-proposed (or precise or vivid) to check that the crash is actually fixed? It's good that it doesn't seem to regress anything, but we also want to know whether it *fixes* anything :)
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
This SRU has been shadowed by a security update and needs to be re-merged.

** Changed in: ntp (Ubuntu Precise)
       Status: Fix Committed => In Progress

** Changed in: ntp (Ubuntu Trusty)
       Status: Fix Committed => In Progress

** Changed in: ntp (Ubuntu Vivid)
       Status: Fix Committed => In Progress
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Good evening Mathew, Does it mean I need to re-do the debdiffs ?
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
I think it is probably necessary to rebase the debdiffs on the new versions in case there are any conflicts. There were a lot of changes as you can see here: http://www.ubuntu.com/usn/usn-2783-1/ . I don't have direct knowledge of the code though.
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Simon, you may want to add a few ethernet interfaces and static routes. I was able to reproduce it with ~6 network interfaces.
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Err, I meant I couldn't reproduce the issue with and without the patch.
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
I tried to reproduce the problem by lowering {r,w}mem_max on Precise and Trusty's *unpatched* version to no avail. On the up side, I couldn't find any regression with the updated version.
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Eric, I don't know if that's a good test case but on my patched Trusty box:

root@xeon:~# uname -a
Linux xeon 3.13.0-63-generic #103-Ubuntu SMP Fri Aug 14 21:42:59 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@xeon:~# sysctl net.core.wmem_max=4650
net.core.wmem_max = 4700
root@xeon:~# sysctl net.core.rmem_max=2400
net.core.rmem_max = 2400
root@xeon:~# (ip -4 ro ; ip -6 ro) | wc -l
43
root@xeon:~# (ip -4 a; ip -6 a) | grep -c inet
34
root@xeon:~# ip link | grep -c link
23
root@xeon:~# dpkg -l | awk '{if ($2 == "ntp") print $3}'
1:4.2.6.p5+dfsg-3ubuntu2.14.04.4
root@xeon:~# /etc/init.d/ntp restart
root@xeon:~# netstat -puant | grep -c ntpd
36

Then syslog shows nothing abnormal. It says "Listen normally on {2..35}". FYI, many of those interfaces are vnetX interfaces belonging to VMs so I don't know if they really count. Trying to lower {r,w}mem_max even more results in "Invalid argument".

Please let me know if I'm doing something wrong.
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Launchpad has imported 8 comments from the remote bug at http://bugs.ntp.org/show_bug.cgi?id=2224.

If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

On 2012-06-11T13:37:37+00:00 Ktamateas wrote:

Hello everyone, I want to file a bug.

Run command:
ntpd --user=ntpd:ntpd --logfile=/var/log/ntpd.log

It runs for some seconds and then it segfaults.
Happens only when I use both the --user and --logfile parameters.
Happens only when I have configured it with --enable-clockctl alone. If configured with both --enable-clockctl and --enable-linuxcaps it works OK.

/var/log/ntpd.log:
-rw-r--r-- 1 ntpd ntpd 21957 Jun 11 14:49 /var/log/ntpd.log

/etc/passwd:
ntpd:x:10:17:ntpd:/dev/null:/bin/false

/etc/group:
ntpd:x:1008:

/etc/ntpd.conf is empty.

Strace gives in the end:
http://pastebin.com/Bujn2MNn

With more advanced debugging I got:
http://pastebin.com/YNWBrRJG

When run in normal manner, strace gives:
http://pastebin.com/2JpzK4jh

In my humble opinion, the error occurs when ntpd tries to do something with the network interfaces.

My machine is a kernel 2.6.35.14 with glibc 2.14.1.
ntpd - NTP daemon program - Ver. 4.2.6p5

Greetings.

Reply at: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/0

On 2012-06-11T17:10:44+00:00 Dave Hart wrote:

Thanks for the report.

The additional debugging paste is short enough to include directly in the comments:

==24767== Invalid read of size 8
==24767==    at 0x411048: input_handler (ntp_io.c:3621)
==24767==    by 0x414B84: ntpdmain (ntpd.c:1078)
==24767==    by 0x406448: main (ntpd.c:356)
==24767==  Address 0x5e897f0 is 0 bytes inside a block of size 32 free'd
==24767==    at 0x4C26649: free (in /lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24767==    by 0x411072: input_handler (ntp_io.c:3619)
==24767==    by 0x414B84: ntpdmain (ntpd.c:1078)
==24767==    by 0x406448: main (ntpd.c:356)

The code in question is:

#ifdef HAS_ROUTING_SOCKET
	/*
	 * scan list of asyncio readers - currently only used for routing sockets
	 */
	asyncio_reader = asyncio_reader_list;

	while (asyncio_reader != NULL) {
		if (FD_ISSET(asyncio_reader->fd, &fds)) {
			++select_count;
			(asyncio_reader->receiver)(asyncio_reader);  /* 3619 */
		}
		asyncio_reader = asyncio_reader->link;  /* 3621 */
	}
#endif /* HAS_ROUTING_SOCKET */

Line 3619 is calling process_routing_msgs() which, after root is dropped, is noticing a failed read or other error and removing the entry from asyncio_reader_list and free()ing it, triggering the valgrind catch.

I bet it can be worked around by adding -U 0 to the command line to disable dynamic interface updates, I suspect (I could be wrong, too).

To patch it, we need to add a "next_asyncio_reader" local variable of the same type as asyncio_reader, and assign to it asyncio_reader->link before if (FD_ISSET(..., and change the asyncio_reader assignment to use the saved next_asyncio_reader. I will get that ready for ntp-dev, and am requesting 4.2.6 blocking in case we do another release of that stable version.

Reply at: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/1

On 2012-06-11T18:12:06+00:00 Dave Hart wrote:

Ready in:

~hart/ntp-dev-2224

Reply at: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/2

On 2012-06-12T06:23:04+00:00 Ktamateas wrote:

(In reply to comment #2)
> Ready in:
>
> ~hart/ntp-dev-2224

How can I see the code difference?

Reply at: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/3

On 2012-06-12T07:56:53+00:00 Dave Hart wrote:

Created attachment 883
pending patch for Bug 2224

With a bit of luck it'll be in 4.2.7p280 before too long.

Reply at: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/4

On 2012-06-12T08:24:23+00:00 Ktamateas wrote:

(In reply to comment #4)
> Created attachment 883 [details]
> pending patch for Bug 2224
>
> With a bit of luck it'll be in 4.2.7p280 before too long.

We consider 4.2.7p XXX stable revisions ?

Reply at: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/5

On 2012-06-12T08:50:50+00:00 Dave Hart wrote:

(In reply to comment #5)
> (In reply to comment #4)
> > Created attachment 883 [details]
> > pending
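
The fix described in the imported comments above (save the link before invoking the receiver), as an added example that is not ntpd's code or the attached patch. The struct, the function names and the self-removing handler are assumptions made for illustration, and every reader is treated as ready instead of being checked with FD_ISSET.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustrative stand-in for a list of async readers with callbacks.
 * All names here are hypothetical, not taken from ntp_io.c. */
struct reader {
    int fd;
    void (*receiver)(struct reader *);
    struct reader *link;
};

static struct reader *reader_list;  /* head of the list */
static int calls;                   /* receivers invoked during the last scan */

static void add_reader(int fd, void (*receiver)(struct reader *))
{
    struct reader *r = malloc(sizeof(*r));
    if (r == NULL)
        abort();
    r->fd = fd;
    r->receiver = receiver;
    r->link = reader_list;          /* push on the head */
    reader_list = r;
}

/* Unlink and free one node, as an error path in a handler would. */
static void remove_reader(struct reader *victim)
{
    struct reader **pp;
    for (pp = &reader_list; *pp != NULL; pp = &(*pp)->link) {
        if (*pp == victim) {
            *pp = victim->link;
            free(victim);
            return;
        }
    }
}

static void receiver_ok(struct reader *r) { (void)r; calls++; }

/* Models a handler that hits a read error and tears itself down. */
static void receiver_fail(struct reader *r) { calls++; remove_reader(r); }

/* Pattern from the report, kept for contrast and never called here:
 * r->link is read after the callback may already have freed r. */
void scan_unsafe(void)
{
    struct reader *r = reader_list;
    while (r != NULL) {
        r->receiver(r);
        r = r->link;                /* use-after-free if receiver freed r */
    }
}

/* Corrected pattern: remember the successor before the callback runs.
 * Caveat: this only protects against a callback freeing the CURRENT node;
 * if a callback could free other nodes, the saved pointer could dangle and
 * removal would have to be deferred until the scan is finished. */
void scan_safe(void)
{
    struct reader *r = reader_list;
    struct reader *next;
    while (r != NULL) {
        next = r->link;
        r->receiver(r);
        r = next;
    }
}

int count_readers(void)
{
    int n = 0;
    struct reader *r;
    for (r = reader_list; r != NULL; r = r->link)
        n++;
    return n;
}

/* Builds a constructed list 6 -> 5 -> 4 -> 3 in which readers 5 and 4 fail,
 * scans it safely and returns how many readers survive. */
int run_demo(void)
{
    while (reader_list != NULL)
        remove_reader(reader_list);
    calls = 0;
    add_reader(3, receiver_ok);
    add_reader(4, receiver_fail);
    add_reader(5, receiver_fail);
    add_reader(6, receiver_ok);
    scan_safe();
    return count_readers();
}

int main(void)
{
    int left = run_demo();
    printf("readers left: %d, receivers called: %d\n", left, calls);
    return 0;
}
```

Building with -fsanitize=address and calling scan_unsafe() in place of scan_safe() produces a heap-use-after-free report of the same kind as the valgrind output quoted above.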
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Branch linked: lp:ubuntu/vivid-proposed/ntp

** Branch linked: lp:ubuntu/precise-proposed/ntp

** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/ntp/trusty-proposed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
Hello Eric, or anyone else affected,

Accepted ntp into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-3ubuntu2.14.04.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

** Changed in: ntp (Ubuntu Trusty)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

** Changed in: ntp (Ubuntu Precise)
       Status: In Progress => Fix Committed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Changed in: ntp (Debian)
       Status: Unknown => Fix Released
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Branch linked: lp:ubuntu/ntp
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Bug watch added: Debian Bug tracker #795315
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315

** Also affects: ntp (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315
   Importance: Unknown
       Status: Unknown

** Bug watch added: bugs.ntp.org/ #2224
   http://bugs.ntp.org/show_bug.cgi?id=2224

** Also affects: ntp via
   http://bugs.ntp.org/show_bug.cgi?id=2224
   Importance: Unknown
       Status: Unknown
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
ACK on the debdiffs, thanks! I've slightly modified the whitespace in the changelog and have added the bug number, and have uploaded it to wily, and to the other releases for processing by the SRU team.
** Tags removed: verification-done
** Changed in: ntp (Ubuntu Wily)
   Status: In Progress => Fix Committed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu7
---
ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium
  * Fix use-after-free in routing socket code (LP: #1481388)
    - debian/patches/use-after-free-in-routing-socket.patch
      fix logic in ntpd/ntp_io.c
  * Fix to ignore ENOBUFS on routing netlink socket
    - debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
      fix logic in ntpd/ntp_io.c
 -- Eric Desrochers  Wed, 02 Sep 2015 09:57:16 -0400
** Changed in: ntp (Ubuntu Wily)
   Status: Fix Committed => Fix Released
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
debdiff for wily
** Patch added: "debdiff for wily"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456187/+files/lp1481388_wily.debdiff
** Changed in: ntp (Ubuntu Wily)
   Status: Confirmed => In Progress
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Changed in: ntp (Ubuntu Wily)
   Importance: Low => Medium
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
debdiff for vivid
** Patch added: "debdiff for vivid"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Patch removed: "debdiff for Vivid"
   https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
debdiff for Vivid
** Patch added: "debdiff for Vivid"
   https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff
** Changed in: ntp (Ubuntu Vivid)
   Status: Confirmed => In Progress
** Changed in: ntp (Ubuntu Vivid)
   Importance: Undecided => Medium
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
I also noticed the situation can be reproduced at boot if the value of net.core.rmem_default is too low. I reproduced it by only lowering the net.core.rmem_default = 2000 value with 6 network interfaces at boot.

ntpd[851]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
ntpd[851]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
ntpd[851]: Listen and drop on 1 v6wildcard :: UDP 123
ntpd[851]: Listen normally on 2 eth1 192.168.1.10 UDP 123
ntpd[851]: Listen normally on 3 eth2 192.168.2.10 UDP 123
ntpd[851]: Listen normally on 4 eth3 192.168.3.10 UDP 123
ntpd[851]: Listen normally on 5 eth4 192.168.4.10 UDP 123
ntpd[851]: Listen normally on 6 eth5 192.168.5.10 UDP 123
ntpd[851]: Listen normally on 7 eth6 192.168.6.10 UDP 123
ntpd[851]: peers refreshed
ntpd[851]: Listening on routing socket on fd #24 for interface updates
ntpd[851]: Deferring DNS for 0.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 1.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 2.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 3.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for ntp.ubuntu.com 1
ntpd[864]: signal_no_reset: signal 17 had flags 400
===
ntpd[851]: i/o error on routing socket No buffer space available - disabling
===
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
debdiff for trusty
** Patch added: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.4
   https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff
** Changed in: ntp (Ubuntu Trusty)
   Status: Confirmed => In Progress
** Changed in: ntp (Ubuntu Trusty)
   Importance: Undecided => Medium
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Changed in: ntp (Ubuntu Precise)
   Assignee: (unassigned) => Eric Desrochers (eric-desrochers-z)
** Changed in: ntp (Ubuntu Vivid)
   Assignee: (unassigned) => Eric Desrochers (eric-desrochers-z)
** Changed in: ntp (Ubuntu Precise)
   Status: New => Confirmed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
** Changed in: ntp (Ubuntu Precise)
   Importance: Undecided => Medium
** Changed in: ntp (Ubuntu Vivid)
   Status: New => Confirmed
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
debdiff for precise ** Description changed: + [Impact] + + * User experienced repeated segfaults at the same instruction pointer + + i/o error on routing socket No buffer space available - disabling + segfault at 31 ip 0031 sp 79f11788 error 14 in libpthread-2.15.so[7f967a5d9000+18000] + + The remove_ and delete_ functions remove the current element from the + asyncio_reader_list, and free it, respectively. + + We then return back to the loop at the top, wherein the asyncio_reader variable still points at the now-freed element, whose contents are (in theory) now scrambled + by having link pointers, etc, from internal malloc state overlaying the data. + + [Test Case] + + You can easily reproduce the bug by : + + - Lowering the sysctl value net.core.rmem_max + + $ sysctl -w net.core.wmem_max=LOWER_VALUE + This sets the max OS send buffer size for all types of connections. + + - Adding multiple network interfaces and static routes. + + [Regression Potential] + + None expected since the fix is already available upstream + (https://github.com/ntp-project/ntp.git) and Debian package. + + If after installing the patch, user are receiving this kind of message in /var/log/syslog : routing socket reports: No buffer space available. + The next step, would be to increase the net.core.rmem_max and net.core.wmem_max values equally until the routing socket reports: No buffer space available message no longer showed up. + + [Other Info] + + NTP upstream (https://github.com/ntp-project/ntp.git) + [Bug 2224] Use-after-free in routing socket code after dropping root. - Commit: d6df9d3 + [Bug 2890] Ignore ENOBUFS on routing netlink socket. - Commit: db47bd4 + + The use-after-free bug has been fix in Debian release (closes: #795315) + Will submit the ignore-ENOBUFS-on-routing-netlink-socket in Debian in the next days. + + [Original Description] + We have 1 server (among hundreds) that its ntp service is crashing. 
A few minute/seconds after a start attempts we can see the following in syslog: ntpd[2729]: peers refreshed ntpd[2729]: Listening on routing socket on fd #49 for interface updates ntpd[2729]: i/o error on routing socket No buffer space available - disabling kernel: [157516.495224] ntpd[2729]: segfault at 31 ip 0031 sp 79f11788 error 14 in libpthread-2.15.so[7f967a5d9000+18000] OS: Ubuntu 12.04.4 LTS Kernel: 3.11.0-19-generic I tried to compare it to other servers, and the only thing I could find that is different is that while it's up (before it crashes) I can see the following when running lsof | grep ntp: ntpd 2729 ntp 49u sock 0,7 0t0 2473952565 can't identify protocol.
** Tags added: verification-done
** Changed in: ntp (Ubuntu Precise)
   Status: Confirmed => In Progress
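Review bot: In [Test Case], the step text says to lower net.core.rmem_max, but the command under it is "sysctl -w net.core.wmem_max=LOWER_VALUE" and the line after it describes the send buffer size. The error quoted in [Impact] is "No buffer space available" on the routing socket ntpd listens on, and the other reproductions in this thread lower net.core.rmem_max and net.core.rmem_default, so the command should name the same key as the step text, with the explanatory line changed to match. [Impact] also refers to "the remove_ and delete_ functions" without their full names; spelling them out as remove_asyncio_reader() and delete_asyncio_reader(), as another comment in this thread does, would let a reader find the code in ntpd/ntp_io.c.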
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
debdiff for precise
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
debdiff for precise
** Patch added: debdiff for precise
   https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
The attachment debdiff for precise seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the patch flag from the attachment, remove the patch tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]
** Tags added: patch
[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root
I was able to reproduce the problem on PRECISE (12.04) by lowering the kernel parameter value net.core.rmem_max, and then tested my .deb build on my PPA[1] with the following upstream commits:

- d6df9d3 [Bug 2224] Use-after-free in routing socket code after dropping root.
- db47bd4 [Bug 2890] Ignore ENOBUFS on routing netlink socket.

What does the patch do?
===
The program first reads from the fd. On success, the number of bytes written into buf is returned. On error, the call returns -1 and sets errno.

If the call returns -1, then there is a check whether errno == ENOBUFS, and if so the following message is sent to syslog:

  routing socket reports: No buffer space available

Otherwise, if errno is NOT ENOBUFS, it closes the socket (remove_asyncio_reader(reader);) and frees the memory space (delete_asyncio_reader(reader);), and sends the following message to syslog:

  i/o error on routing socket No buffer space available - disabling

Before this patch, no matter what the errno was, the socket was automatically close()d and free()d without checking whether it was ENOBUFS or not.

To summarize, the patch allows the program to not close() and free() the socket when an errno == ENOBUFS occurs, but still sends a message to syslog to notify the administrator.
===

If, after installing the patch, you are receiving this kind of message in /var/log/syslog:

  routing socket reports: No buffer space available

the next step would be to increase the net.core.rmem_max and net.core.wmem_max values equally until the "routing socket reports: No buffer space available" message no longer shows up.

[1] 1:4.2.6.p3+dfsg-1ubuntu3.4+20150820lp1481388~2
https://launchpad.net/~eric-desrochers-z/+archive/ubuntu/lp1481388
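The error handling described in the message above, as an added example in C that is neither ntpd's code nor the patch itself: `struct reader`, `fake_read()`, `inject_errno`, `run_case()` and the `patched` flag are hypothetical stand-ins, and the read failure is simulated. Clearing the caller's pointer after `free()` is an extra defensive step in this example, not something the message describes.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum outcome { READ_OK, KEPT_OPEN, DISABLED };
struct reader { int fd; };   /* hypothetical stand-in, not ntpd's struct */
static char last_log[128];   /* stands in for the syslog line */
static int  inject_errno;    /* constructed fault; 0 means the read succeeds */

/* Simulated read() on the routing socket: fails with the injected errno. */
static long fake_read(char *buf, size_t len)
{
    if (inject_errno) { errno = inject_errno; return -1; }
    memset(buf, 0, len);
    return (long)len;
}

/* patched=1: keep the reader on ENOBUFS; patched=0: tear down on any error.
 * On teardown the caller's pointer is cleared so it cannot dangle. */
static enum outcome process_routing_updates(struct reader **rp, int patched)
{
    char buf[256];
    if (fake_read(buf, sizeof buf) >= 0)
        return READ_OK;
    if (patched && errno == ENOBUFS) {
        snprintf(last_log, sizeof last_log,
                 "routing socket reports: %s", strerror(errno));
        return KEPT_OPEN;            /* transient: reader stays registered */
    }
    snprintf(last_log, sizeof last_log,
             "i/o error on routing socket %s - disabling", strerror(errno));
    free(*rp);   /* stands in for remove_/delete_asyncio_reader() */
    *rp = NULL;
    return DISABLED;
}

/* Run one constructed case and report what happened to the reader. */
enum outcome run_case(int err, int patched)
{
    struct reader *r = calloc(1, sizeof *r);
    enum outcome o;
    if (r == NULL) abort();
    inject_errno = err;
    o = process_routing_updates(&r, patched);
    free(r);     /* no-op when the reader was already torn down */
    return o;
}

int main(void)
{
    printf("%d %d\n", run_case(ENOBUFS, 0), run_case(ENOBUFS, 1));
    return 0;
}
```

With `patched` set to 0 an ENOBUFS read tears the reader down (DISABLED); with it set to 1 the reader survives (KEPT_OPEN) and only the log line is produced.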