[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6

---
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.6) trusty; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
  fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers   Thu, 29 Oct 2015
09:34:22 -0400

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p3+dfsg-1ubuntu3.7

---
ntp (1:4.2.6.p3+dfsg-1ubuntu3.7) precise; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
  fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers   Thu, 29 Oct 2015
09:47:20 -0400

** Changed in: ntp (Ubuntu Precise)
   Status: Fix Committed => Fix Released

** Changed in: ntp (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu2.14.04.6

---
ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.6) trusty; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
  fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers   Thu, 29 Oct 2015
09:34:22 -0400

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu6.3

---
ntp (1:4.2.6.p5+dfsg-3ubuntu6.3) vivid; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
  fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers   Thu, 29 Oct 2015
09:18:12 -0400

** Changed in: ntp (Ubuntu Vivid)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu6.3

---
ntp (1:4.2.6.p5+dfsg-3ubuntu6.3) vivid; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
  fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers   Thu, 29 Oct 2015
09:18:12 -0400

** Changed in: ntp (Ubuntu Vivid)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p3+dfsg-1ubuntu3.7

---
ntp (1:4.2.6.p3+dfsg-1ubuntu3.7) precise; urgency=medium

  * Fix use-after-free in routing socket code (closes: #795315)
- debian/patches/use-after-free-in-routing-socket.patch:
  fix logic in ntpd/ntp_io.c (LP: #1481388)

 -- Eric Desrochers   Thu, 29 Oct 2015
09:47:20 -0400

** Changed in: ntp (Ubuntu Precise)
   Status: Fix Committed => Fix Released

** Changed in: ntp (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Eric Desrochers 
** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-12-10 Thread Eric Desrochers 
** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-19 Thread Brian Murray 
** Tags removed: verification-done
** Tags added: verification-done-trusty verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-19 Thread Brian Murray 
** Tags removed: verification-done
** Tags added: verification-done-trusty verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-16 Thread Eric Desrochers 
** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-16 Thread Simon Déziel 
I've been using the -proposed package on 15 Trusty machines since it was
published. Again, I never was able to reproduce the original problem but
I saw no regression either.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-16 Thread Simon Déziel 
I've been using the -proposed package on 15 Trusty machines since it was
published. Again, I never was able to reproduce the original problem but
I saw no regression either.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-16 Thread Eric Desrochers 
** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-11 Thread Chris J Arges 
Hello Eric, or anyone else affected,

Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu2.14.04.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ntp (Ubuntu Trusty)
   Status: In Progress => Fix Committed

** Tags removed: verification-done

** Tags added: verification-needed

** Changed in: ntp (Ubuntu Precise)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-11 Thread Chris J Arges 
Hello Eric, or anyone else affected,

Accepted ntp into vivid-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu6.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ntp (Ubuntu Vivid)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-11 Thread Chris J Arges 
Hello Eric, or anyone else affected,

Accepted ntp into vivid-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu6.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ntp (Ubuntu Vivid)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-11 Thread Chris J Arges 
Hello Eric, or anyone else affected,

Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu2.14.04.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ntp (Ubuntu Trusty)
   Status: In Progress => Fix Committed

** Tags removed: verification-done

** Tags added: verification-needed

** Changed in: ntp (Ubuntu Precise)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-10 Thread Sebastien Bacher 
sponsored to precise/trusty/vivid (though i'm unsure vivid is useful
since it's not the current stable)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-10 Thread Sebastien Bacher 
sponsored to precise/trusty/vivid (though i'm unsure vivid is useful
since it's not the current stable)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-05 Thread Eric Desrochers 
** Tags added: sts

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-11-05 Thread Eric Desrochers 
** Tags added: sts

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
** Patch removed: "debdiff for precise"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff

** Patch removed: "debdiff for trusty"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff

** Patch removed: "debdiff for vivid"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
** Patch removed: "debdiff for precise"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff

** Patch removed: "debdiff for trusty"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff

** Patch removed: "debdiff for vivid"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
Here is the rebase debdiff for Precise

** Patch added: "Rebase Precise debdiff"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508496/+files/lp1481388_rebase_precise.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
Here is the rebase debdiff for Vivid

** Patch added: "Rebase Vivid debdiff"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508498/+files/lp1481388_rebase_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
Here is the rebase debdiff for Trusty

** Patch added: "Rebase Trusty debdiff"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508494/+files/lp1481388_rebase_trusty.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
Here is the rebase debdiff for Trusty

** Patch added: "Rebase Trusty debdiff"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508494/+files/lp1481388_rebase_trusty.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
Here is the rebase debdiff for Precise

** Patch added: "Rebase Precise debdiff"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508496/+files/lp1481388_rebase_precise.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-29 Thread Eric Desrochers 
Here is the rebase debdiff for Vivid

** Patch added: "Rebase Vivid debdiff"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4508498/+files/lp1481388_rebase_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-28 Thread Eric Desrochers 
Hi Mathew,

I have the knowledge of the code, I will rebase the debdiffs for V/T/P

Note: I checked and Xenial has the patch already.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-28 Thread Eric Desrochers 
Hi Mathew,

I have the knowledge of the code, I will rebase the debdiffs for V/T/P

Note: I checked and Xenial has the patch already.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Eric Desrochers 
** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Eric Desrochers 
** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Simon Déziel 
Eric, I've been running the proposed version on many systems and haven't
found any regression. Do you think this would be ready to move on to
-updates now?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Simon Déziel 
Eric, I've been running the proposed version on many systems and haven't
found any regression. Do you think this would be ready to move on to
-updates now?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Eric Desrochers 
Good evening Chris,

This bug has been brought to my attention by someone in the community.
Unfortunately, I never had a confirmation from him if the fix solve his
issue or not... but as state in comment #5 & #11, I've been able to
reproduce the problem and make sure it addressed the situation.

The reproducer is basically to lower down the value of
"net.core.[m-r]mem_default" and adding multiples network interface +
static route.

FYI, the same fix has been also applied in Debian

ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315

Let me know if you need anything else.

Thanks !

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Eric Desrochers 
Good evening Chris,

This bug has been brought to my attention by someone in the community.
Unfortunately, I never had a confirmation from him if the fix solve his
issue or not... but as state in comment #5 & #11, I've been able to
reproduce the problem and make sure it addressed the situation.

The reproducer is basically to lower down the value of
"net.core.[m-r]mem_default" and adding multiples network interface +
static route.

FYI, the same fix has been also applied in Debian

ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315

Let me know if you need anything else.

Thanks !

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Chris Halse Rogers 
Has anyone who was able to reproduce the original crash tested the
packages from trusty-proposed (or precise or vivid) to check that the
crash is actually fixed?

It's good that it doesn't seem to regress anything, but we also want to
know whether it *fixes* anything :)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Chris Halse Rogers 
Has anyone who was able to reproduce the original crash tested the
packages from trusty-proposed (or precise or vivid) to check that the
crash is actually fixed?

It's good that it doesn't seem to regress anything, but we also want to
know whether it *fixes* anything :)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Mathew Hodson 
This SRU has been shadowed by a security update and needs to be re-
merged.

** Changed in: ntp (Ubuntu Precise)
   Status: Fix Committed => In Progress

** Changed in: ntp (Ubuntu Trusty)
   Status: Fix Committed => In Progress

** Changed in: ntp (Ubuntu Vivid)
   Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Mathew Hodson 
This SRU has been shadowed by a security update and needs to be re-
merged.

** Changed in: ntp (Ubuntu Precise)
   Status: Fix Committed => In Progress

** Changed in: ntp (Ubuntu Trusty)
   Status: Fix Committed => In Progress

** Changed in: ntp (Ubuntu Vivid)
   Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Eric Desrochers 
Good evening Mathew,

Does it mean I need to re-do the debdiffs ?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Eric Desrochers 
Good evening Mathew,

Does it mean I need to re-do the debdiffs ?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Mathew Hodson 
I think it is probably necessary to rebase the debdiffs on the new
versions in case there are any confilcts. There were a lot of changes as
you can see here http://www.ubuntu.com/usn/usn-2783-1/ .

I don't have direct knowledge of the code though.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-10-27 Thread Mathew Hodson 
I think it is probably necessary to rebase the debdiffs on the new
versions in case there are any confilcts. There were a lot of changes as
you can see here http://www.ubuntu.com/usn/usn-2783-1/ .

I don't have direct knowledge of the code though.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Eric Desrochers 
Simon,  you may want to add a few ethernet interfaces and static routes.

I was able to reproduce it with ~6 network interface.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Eric Desrochers 
Simon,  you may want to add a few ethernet interfaces and static routes.

I was able to reproduce it with ~6 network interface.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Simon Déziel 
Err, I meant I couldn't reproduce the issue with and without the patch.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Simon Déziel 
Err, I meant I couldn't reproduce the issue with and without the patch.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Simon Déziel 
I tried to reproduce the problem by lowering {r,w}mem_max on Precise and
Trusty's *unpatched* version to no avail. On the up side, I couldn't
find any regression with the update version.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Simon Déziel 
I tried to reproduce the problem by lowering {r,w}mem_max on Precise and
Trusty's *unpatched* version to no avail. On the up side, I couldn't
find any regression with the update version.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Simon Déziel 
Eric, I don't know if that's a good test case but on my patched Trusty
box:

  root@xeon:~# uname -a
  Linux xeon 3.13.0-63-generic #103-Ubuntu SMP Fri Aug 14 21:42:59 UTC 2015 
x86_64 x86_64 x86_64 GNU/Linux
  root@xeon:~# sysctl net.core.wmem_max=4650
  net.core.wmem_max = 4700
  root@xeon:~# sysctl net.core.rmem_max=2400
  net.core.rmem_max = 2400
  root@xeon:~# (ip -4 ro ; ip -6 ro) | wc -l
  43
  root@xeon:~# (ip -4 a; ip -6 a) | grep -c inet
  34
  root@xeon:~# ip link | grep -c link
  23
  root@xeon:~# dpkg -l | awk '{if ($2 == "ntp") print $3}'
  1:4.2.6.p5+dfsg-3ubuntu2.14.04.4
  root@xeon:~# /etc/init.d/ntp restart
  root@xeon:~# netstat -puant | grep -c ntpd
  36

Then syslog shows nothing abnormal. It says "Listen normally on
{2..35}". FYI, many of those interfaces a vnetX interfaces belonging to
VMs so I don't know if they really count. Trying to lower {r,w}mem_max
even more result in "Invalid argument". Please let me know if I'm doing
something wrong.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-17 Thread Simon Déziel 
Eric, I don't know if that's a good test case but on my patched Trusty
box:

  root@xeon:~# uname -a
  Linux xeon 3.13.0-63-generic #103-Ubuntu SMP Fri Aug 14 21:42:59 UTC 2015 
x86_64 x86_64 x86_64 GNU/Linux
  root@xeon:~# sysctl net.core.wmem_max=4650
  net.core.wmem_max = 4700
  root@xeon:~# sysctl net.core.rmem_max=2400
  net.core.rmem_max = 2400
  root@xeon:~# (ip -4 ro ; ip -6 ro) | wc -l
  43
  root@xeon:~# (ip -4 a; ip -6 a) | grep -c inet
  34
  root@xeon:~# ip link | grep -c link
  23
  root@xeon:~# dpkg -l | awk '{if ($2 == "ntp") print $3}'
  1:4.2.6.p5+dfsg-3ubuntu2.14.04.4
  root@xeon:~# /etc/init.d/ntp restart
  root@xeon:~# netstat -puant | grep -c ntpd
  36

Then syslog shows nothing abnormal. It says "Listen normally on
{2..35}". FYI, many of those interfaces a vnetX interfaces belonging to
VMs so I don't know if they really count. Trying to lower {r,w}mem_max
even more result in "Invalid argument". Please let me know if I'm doing
something wrong.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Bug Watch Updater 
Launchpad has imported 8 comments from the remote bug at
http://bugs.ntp.org/show_bug.cgi?id=2224.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-06-11T13:37:37+00:00 Ktamateas wrote:

Hello everyone, I want to file a bug.

Run command: ntpd --user=ntpd:ntpd --logfile=/var/log/ntpd.log

It runs for some seconds and then is segfaults.
Happens only when I use both the --user and --logfile parameters.
Happens only when I have configured it with --enable-clockctl alone.
If configured with both --enable-clockctl and --enable-linuxcaps it works OK.

/var/log/ntpd.log: -rw-r--r-- 1 ntpd ntpd 21957 Jun 11 14:49 /var/log/ntpd.log
/etc/passwd: ntpd:x:10:17:ntpd:/dev/null:/bin/false
/etc/group: ntpd:x:1008:
/etc/ntpd.conf is empty.

Strace gives in the end: http://pastebin.com/Bujn2MNn
With more advanced debugging I got: http://pastebin.com/YNWBrRJG
When runs in normal manner, strace gives: http://pastebin.com/2JpzK4jh

In my humble opinion, the error occurs when ntpd tries to do something
with the network interfaces.

My machine is a kernel 2.6.35.14 with glibc 2.14.1. 
ntpd - NTP daemon program - Ver. 4.2.6p5

Greetings.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/0


On 2012-06-11T17:10:44+00:00 Dave Hart wrote:

Thanks for the report.  The additional debugging paste is short enough
to include directly in the comments:

==24767== Invalid read of size 8
==24767==at 0x411048: input_handler (ntp_io.c:3621)
==24767==by 0x414B84: ntpdmain (ntpd.c:1078)
==24767==by 0x406448: main (ntpd.c:356)
==24767==  Address 0x5e897f0 is 0 bytes inside a block of size 32 free'd
==24767==at 0x4C26649: free (in 
/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24767==by 0x411072: input_handler (ntp_io.c:3619)
==24767==by 0x414B84: ntpdmain (ntpd.c:1078)
==24767==by 0x406448: main (ntpd.c:356)

The code in question is:


#ifdef HAS_ROUTING_SOCKET
/*
 * scan list of asyncio readers - currently only used for routing 
sockets
 */
asyncio_reader = asyncio_reader_list;

while (asyncio_reader != NULL) {
if (FD_ISSET(asyncio_reader->fd, )) {
++select_count;
(asyncio_reader->receiver)(asyncio_reader); /*3619 */
}
asyncio_reader = asyncio_reader->link; /* 3621 */
}
#endif /* HAS_ROUTING_SOCKET */

line 3619 is calling process_routing_msgs() which, after root is
dropped, is noticing a failed read or other error and removing the entry
from asyncio_reader_list and free()ing it, triggering the valgrind
catch.

I bet can be worked around by adding -U 0 to the command line to disable
dynamic interface updates, I suspect (I could be wrong, too).  To patch
it, we need to add a "next_asyncio_reader" local variable of the same
type as asyncio_reader, and assign to it asyncio_reader->link before if
(FD_ISSET(..., and change the asyncio_reader assignment to use the saved
next_asyncio_reader.  I will get that ready for ntp-dev, and am
requesting 4.2.6 blocking in case we do another release of that stable
version.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/1


On 2012-06-11T18:12:06+00:00 Dave Hart wrote:

Ready in:

~hart/ntp-dev-2224

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/2


On 2012-06-12T06:23:04+00:00 Ktamateas wrote:

(In reply to comment #2)
> Ready in:
> 
> ~hart/ntp-dev-2224

How can I see the code difference?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/3


On 2012-06-12T07:56:53+00:00 Dave Hart wrote:

Created attachment 883
pending patch for Bug 2224

With a bit of luck it'll be in 4.2.7p280 before too long.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/4


On 2012-06-12T08:24:23+00:00 Ktamateas wrote:

(In reply to comment #4)
> Created attachment 883 [details]
> pending patch for Bug 2224
> 
> With a bit of luck it'll be in 4.2.7p280 before too long.

We consider 4.2.7p XXX stable revisions ?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/5


On 2012-06-12T08:50:50+00:00 Dave Hart wrote:

(In reply to comment #5)
> (In reply to comment #4)
> > Created attachment 883 [details]
> > pending

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Bug Watch Updater 
Launchpad has imported 8 comments from the remote bug at
http://bugs.ntp.org/show_bug.cgi?id=2224.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.


On 2012-06-11T13:37:37+00:00 Ktamateas wrote:

Hello everyone, I want to file a bug.

Run command: ntpd --user=ntpd:ntpd --logfile=/var/log/ntpd.log

It runs for some seconds and then is segfaults.
Happens only when I use both the --user and --logfile parameters.
Happens only when I have configured it with --enable-clockctl alone.
If configured with both --enable-clockctl and --enable-linuxcaps it works OK.

/var/log/ntpd.log: -rw-r--r-- 1 ntpd ntpd 21957 Jun 11 14:49 /var/log/ntpd.log
/etc/passwd: ntpd:x:10:17:ntpd:/dev/null:/bin/false
/etc/group: ntpd:x:1008:
/etc/ntpd.conf is empty.

Strace gives in the end: http://pastebin.com/Bujn2MNn
With more advanced debugging I got: http://pastebin.com/YNWBrRJG
When runs in normal manner, strace gives: http://pastebin.com/2JpzK4jh

In my humble opinion, the error occurs when ntpd tries to do something
with the network interfaces.

My machine is a kernel 2.6.35.14 with glibc 2.14.1. 
ntpd - NTP daemon program - Ver. 4.2.6p5

Greetings.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/0


On 2012-06-11T17:10:44+00:00 Dave Hart wrote:

Thanks for the report.  The additional debugging paste is short enough
to include directly in the comments:

==24767== Invalid read of size 8
==24767==at 0x411048: input_handler (ntp_io.c:3621)
==24767==by 0x414B84: ntpdmain (ntpd.c:1078)
==24767==by 0x406448: main (ntpd.c:356)
==24767==  Address 0x5e897f0 is 0 bytes inside a block of size 32 free'd
==24767==at 0x4C26649: free (in 
/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24767==by 0x411072: input_handler (ntp_io.c:3619)
==24767==by 0x414B84: ntpdmain (ntpd.c:1078)
==24767==by 0x406448: main (ntpd.c:356)

The code in question is:


#ifdef HAS_ROUTING_SOCKET
/*
 * scan list of asyncio readers - currently only used for routing 
sockets
 */
asyncio_reader = asyncio_reader_list;

while (asyncio_reader != NULL) {
if (FD_ISSET(asyncio_reader->fd, )) {
++select_count;
(asyncio_reader->receiver)(asyncio_reader); /*3619 */
}
asyncio_reader = asyncio_reader->link; /* 3621 */
}
#endif /* HAS_ROUTING_SOCKET */

line 3619 is calling process_routing_msgs() which, after root is
dropped, is noticing a failed read or other error and removing the entry
from asyncio_reader_list and free()ing it, triggering the valgrind
catch.

I bet can be worked around by adding -U 0 to the command line to disable
dynamic interface updates, I suspect (I could be wrong, too).  To patch
it, we need to add a "next_asyncio_reader" local variable of the same
type as asyncio_reader, and assign to it asyncio_reader->link before if
(FD_ISSET(..., and change the asyncio_reader assignment to use the saved
next_asyncio_reader.  I will get that ready for ntp-dev, and am
requesting 4.2.6 blocking in case we do another release of that stable
version.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/1


On 2012-06-11T18:12:06+00:00 Dave Hart wrote:

Ready in:

~hart/ntp-dev-2224

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/2


On 2012-06-12T06:23:04+00:00 Ktamateas wrote:

(In reply to comment #2)
> Ready in:
> 
> ~hart/ntp-dev-2224

How can I see the code difference?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/3


On 2012-06-12T07:56:53+00:00 Dave Hart wrote:

Created attachment 883
pending patch for Bug 2224

With a bit of luck it'll be in 4.2.7p280 before too long.

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/4


On 2012-06-12T08:24:23+00:00 Ktamateas wrote:

(In reply to comment #4)
> Created attachment 883 [details]
> pending patch for Bug 2224
> 
> With a bit of luck it'll be in 4.2.7p280 before too long.

We consider 4.2.7p XXX stable revisions ?

Reply at:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/comments/5


On 2012-06-12T08:50:50+00:00 Dave Hart wrote:

(In reply to comment #5)
> (In reply to comment #4)
> > Created attachment 883 [details]
> > pending

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Launchpad Bug Tracker 
** Branch linked: lp:ubuntu/vivid-proposed/ntp

** Branch linked: lp:ubuntu/precise-proposed/ntp

** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/ntp/trusty-proposed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Launchpad Bug Tracker 
** Branch linked: lp:ubuntu/vivid-proposed/ntp

** Branch linked: lp:ubuntu/precise-proposed/ntp

** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/ntp/trusty-proposed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Chris J Arges 
Hello Eric, or anyone else affected,

Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu2.14.04.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ntp (Ubuntu Trusty)
   Status: In Progress => Fix Committed

** Tags added: verification-needed

** Changed in: ntp (Ubuntu Precise)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Chris J Arges 
Hello Eric, or anyone else affected,

Accepted ntp into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/ntp/1:4.2.6.p5+dfsg-
3ubuntu2.14.04.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: ntp (Ubuntu Trusty)
   Status: In Progress => Fix Committed

** Tags added: verification-needed

** Changed in: ntp (Ubuntu Precise)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Bug Watch Updater 
** Changed in: ntp (Debian)
   Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-16 Thread Bug Watch Updater 
** Changed in: ntp (Debian)
   Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Launchpad Bug Tracker 
** Branch linked: lp:ubuntu/ntp

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Launchpad Bug Tracker 
** Branch linked: lp:ubuntu/ntp

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Marc Deslauriers 
** Bug watch added: Debian Bug tracker #795315
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315

** Also affects: ntp (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315
   Importance: Unknown
   Status: Unknown

** Bug watch added: bugs.ntp.org/ #2224
   http://bugs.ntp.org/show_bug.cgi?id=2224

** Also affects: ntp via
   http://bugs.ntp.org/show_bug.cgi?id=2224
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Marc Deslauriers 
** Bug watch added: Debian Bug tracker #795315
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315

** Also affects: ntp (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795315
   Importance: Unknown
   Status: Unknown

** Bug watch added: bugs.ntp.org/ #2224
   http://bugs.ntp.org/show_bug.cgi?id=2224

** Also affects: ntp via
   http://bugs.ntp.org/show_bug.cgi?id=2224
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Marc Deslauriers 
ACK on the debdiffs, thanks!

I've slightly modified the whitespace in the changelog and have added
the bug number, and have uploaded it to wily, and to the other releases
for processing by the SRU team.


** Tags removed: verification-done

** Changed in: ntp (Ubuntu Wily)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu7

---
ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium

  * Fix use-after-free in routing socket code (LP: #1481388)
- debian/patches/use-after-free-in-routing-socket.patch
  fix logic in ntpd/ntp_io.c
  * Fix to ignore ENOBUFS on routing netlink socket
- debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
  fix logic in ntpd/ntp_io.c

 -- Eric Desrochers   Wed, 02 Sep 2015
09:57:16 -0400

** Changed in: ntp (Ubuntu Wily)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Launchpad Bug Tracker 
This bug was fixed in the package ntp - 1:4.2.6.p5+dfsg-3ubuntu7

---
ntp (1:4.2.6.p5+dfsg-3ubuntu7) wily; urgency=medium

  * Fix use-after-free in routing socket code (LP: #1481388)
- debian/patches/use-after-free-in-routing-socket.patch
  fix logic in ntpd/ntp_io.c
  * Fix to ignore ENOBUFS on routing netlink socket
- debian/patches/ignore-ENOBUFS-on-routing-netlink-socket.patch
  fix logic in ntpd/ntp_io.c

 -- Eric Desrochers   Wed, 02 Sep 2015
09:57:16 -0400

** Changed in: ntp (Ubuntu Wily)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-15 Thread Marc Deslauriers 
ACK on the debdiffs, thanks!

I've slightly modified the whitespace in the changelog and have added
the bug number, and have uploaded it to wily, and to the other releases
for processing by the SRU team.


** Tags removed: verification-done

** Changed in: ntp (Ubuntu Wily)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
debdiff for wily

** Patch added: "debdiff for wily"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456187/+files/lp1481388_wily.debdiff

** Changed in: ntp (Ubuntu Wily)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
** Changed in: ntp (Ubuntu Wily)
   Importance: Low => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
** Changed in: ntp (Ubuntu Wily)
   Importance: Low => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
debdiff for vivid

** Patch added: "debdiff for vivid"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
debdiff for vivid

** Patch added: "debdiff for vivid"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456186/+files/lp1481388_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
debdiff for wily

** Patch added: "debdiff for wily"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4456187/+files/lp1481388_wily.debdiff

** Changed in: ntp (Ubuntu Wily)
   Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
** Patch removed: "debdiff for Vivid"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-02 Thread Eric Desrochers 
** Patch removed: "debdiff for Vivid"
   
https://bugs.launchpad.net/ubuntu/vivid/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-01 Thread Eric Desrochers 
debdiff for Vivid

** Patch added: "debdiff for Vivid"
   
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff

** Changed in: ntp (Ubuntu Vivid)
   Status: Confirmed => In Progress

** Changed in: ntp (Ubuntu Vivid)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-09-01 Thread Eric Desrochers 
debdiff for Vivid

** Patch added: "debdiff for Vivid"
   
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4455714/+files/lp1481388_vivid.debdiff

** Changed in: ntp (Ubuntu Vivid)
   Status: Confirmed => In Progress

** Changed in: ntp (Ubuntu Vivid)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-27 Thread Eric Desrochers 
I also noticed the situation can be reproduced at boot if the value of
net.core.rmem_default is too low.

I reproduced it by only lowering the net.core.rmem_default = 2000
value with 6 network interface at boot.

ntpd[851]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
ntpd[851]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
ntpd[851]: Listen and drop on 1 v6wildcard :: UDP 123
ntpd[851]: Listen normally on 2 eth1 192.168.1.10 UDP 123
ntpd[851]: Listen normally on 3 eth2 192.168.2.10 UDP 123
ntpd[851]: Listen normally on 4 eth3 192.168.3.10 UDP 123
ntpd[851]: Listen normally on 5 eth4 192.168.4.10 UDP 123
ntpd[851]: Listen normally on 6 eth5 192.168.5.10 UDP 123
ntpd[851]: Listen normally on 7 eth6 192.168.6.10 UDP 123
ntpd[851]: peers refreshed
ntpd[851]: Listening on routing socket on fd #24 for interface updates
ntpd[851]: Deferring DNS for 0.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 1.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 2.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 3.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for ntp.ubuntu.com 1
ntpd[864]: signal_no_reset: signal 17 had flags 400
=== ntpd[851]: i/o error on routing socket No buffer space available - 
disabling ===

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-27 Thread Eric Desrochers 
debdiff for trusty

** Patch added: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.4
   
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff

** Changed in: ntp (Ubuntu Trusty)
   Status: Confirmed = In Progress

** Changed in: ntp (Ubuntu Trusty)
   Importance: Undecided = Medium

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-27 Thread Eric Desrochers 
debdiff for trusty

** Patch added: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.4
   
https://bugs.launchpad.net/ubuntu/precise/+source/ntp/+bug/1481388/+attachment/4453392/+files/lp1481388_trusty.debdiff

** Changed in: ntp (Ubuntu Trusty)
   Status: Confirmed = In Progress

** Changed in: ntp (Ubuntu Trusty)
   Importance: Undecided = Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-27 Thread Eric Desrochers 
I also noticed the situation can be reproduced at boot if the value of
net.core.rmem_default is too low.

I reproduced it by only lowering the net.core.rmem_default = 2000
value with 6 network interface at boot.

ntpd[851]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
ntpd[851]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
ntpd[851]: Listen and drop on 1 v6wildcard :: UDP 123
ntpd[851]: Listen normally on 2 eth1 192.168.1.10 UDP 123
ntpd[851]: Listen normally on 3 eth2 192.168.2.10 UDP 123
ntpd[851]: Listen normally on 4 eth3 192.168.3.10 UDP 123
ntpd[851]: Listen normally on 5 eth4 192.168.4.10 UDP 123
ntpd[851]: Listen normally on 6 eth5 192.168.5.10 UDP 123
ntpd[851]: Listen normally on 7 eth6 192.168.6.10 UDP 123
ntpd[851]: peers refreshed
ntpd[851]: Listening on routing socket on fd #24 for interface updates
ntpd[851]: Deferring DNS for 0.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 1.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 2.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for 3.ubuntu.pool.ntp.org 1
ntpd[851]: Deferring DNS for ntp.ubuntu.com 1
ntpd[864]: signal_no_reset: signal 17 had flags 400
=== ntpd[851]: i/o error on routing socket No buffer space available - 
disabling ===

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
** Changed in: ntp (Ubuntu Precise)
 Assignee: (unassigned) = Eric Desrochers (eric-desrochers-z)

** Changed in: ntp (Ubuntu Vivid)
 Assignee: (unassigned) = Eric Desrochers (eric-desrochers-z)

** Changed in: ntp (Ubuntu Precise)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
** Changed in: ntp (Ubuntu Precise)
   Importance: Undecided = Medium

** Changed in: ntp (Ubuntu Vivid)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise


** Description changed:

+ [Impact]
+ 
+  * User experienced repeated segfaults at the same instruction pointer
+ 
+ i/o error on routing socket No buffer space available - disabling
+ segfault at 31 ip 0031 sp 79f11788 error 14 in 
libpthread-2.15.so[7f967a5d9000+18000] 
+ 
+ The remove_ and delete_ functions remove the current element from the
+ asyncio_reader_list, and free it, respectively.
+ 
+ We then return back to the loop at the top, wherein the asyncio_reader 
variable still points at the now-freed element, whose contents are (in theory) 
now scrambled
+ by having link pointers, etc, from internal malloc state overlaying the data.
+ 
+ [Test Case]
+ 
+ You can easily reproduce the bug by :
+ 
+ - Lowering the sysctl value net.core.rmem_max
+ 
+ $ sysctl -w net.core.wmem_max=LOWER_VALUE
+ This sets the max OS send buffer size for all types of connections.
+ 
+ - Adding multiple network interfaces and static routes.
+ 
+ [Regression Potential]
+ 
+ None expected since the fix is already available upstream
+ (https://github.com/ntp-project/ntp.git) and Debian package.
+ 
+ If after installing the patch, user are receiving this kind of message in 
/var/log/syslog : routing socket reports: No buffer space available.
+ The next step, would be to increase the net.core.rmem_max and 
net.core.wmem_max values equally until the routing socket reports: No buffer 
space available message no longer showed up.
+ 
+ [Other Info]
+ 
+ NTP upstream (https://github.com/ntp-project/ntp.git)
+ [Bug 2224] Use-after-free in routing socket code after dropping root. - 
Commit: d6df9d3
+ [Bug 2890] Ignore ENOBUFS on routing netlink socket. - Commit: db47bd4 
+ 
+ The use-after-free bug has been fix in Debian release (closes: #795315)
+ Will submit the ignore-ENOBUFS-on-routing-netlink-socket in Debian in the 
next days.
+ 
+ [Original Description]
+ 
  We have 1 server (among hundreds) that its ntp service is crashing.
  
  A few minute/seconds after a start attempts we can see the following in 
syslog:
  ntpd[2729]: peers refreshed
  ntpd[2729]: Listening on routing socket on fd #49 for interface updates
  ntpd[2729]: i/o error on routing socket No buffer space available - disabling
  kernel: [157516.495224] ntpd[2729]: segfault at 31 ip 0031 sp 
79f11788 error 14 in libpthread-2.15.so[7f967a5d9000+18000]
  
  OS: Ubuntu 12.04.4 LTS
  Kernel: 3.11.0-19-generic
  
  I tried to compare it to other servers, and the only thing I could find that 
is different is that while it's up (before it crashes) I can see the following 
when running lsof | grep ntp:
  ntpd 2729 ntp 49u sock 0,7 0t0 2473952565 can't identify protocol.

** Tags added: verification-done

** Changed in: ntp (Ubuntu Precise)
   Status: Confirmed = In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise

** Patch added: debdiff for precise
   
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise


** Description changed:

+ [Impact]
+ 
+  * User experienced repeated segfaults at the same instruction pointer
+ 
+ i/o error on routing socket No buffer space available - disabling
+ segfault at 31 ip 0031 sp 79f11788 error 14 in 
libpthread-2.15.so[7f967a5d9000+18000] 
+ 
+ The remove_ and delete_ functions remove the current element from the
+ asyncio_reader_list, and free it, respectively.
+ 
+ We then return back to the loop at the top, wherein the asyncio_reader 
variable still points at the now-freed element, whose contents are (in theory) 
now scrambled
+ by having link pointers, etc, from internal malloc state overlaying the data.
+ 
+ [Test Case]
+ 
+ You can easily reproduce the bug by :
+ 
+ - Lowering the sysctl value net.core.rmem_max
+ 
+ $ sysctl -w net.core.wmem_max=LOWER_VALUE
+ This sets the max OS send buffer size for all types of connections.
+ 
+ - Adding multiple network interfaces and static routes.
+ 
+ [Regression Potential]
+ 
+ None expected since the fix is already available upstream
+ (https://github.com/ntp-project/ntp.git) and Debian package.
+ 
+ If after installing the patch, user are receiving this kind of message in 
/var/log/syslog : routing socket reports: No buffer space available.
+ The next step, would be to increase the net.core.rmem_max and 
net.core.wmem_max values equally until the routing socket reports: No buffer 
space available message no longer showed up.
+ 
+ [Other Info]
+ 
+ NTP upstream (https://github.com/ntp-project/ntp.git)
+ [Bug 2224] Use-after-free in routing socket code after dropping root. - 
Commit: d6df9d3
+ [Bug 2890] Ignore ENOBUFS on routing netlink socket. - Commit: db47bd4 
+ 
+ The use-after-free bug has been fix in Debian release (closes: #795315)
+ Will submit the ignore-ENOBUFS-on-routing-netlink-socket in Debian in the 
next days.
+ 
+ [Original Description]
+ 
  We have 1 server (among hundreds) that its ntp service is crashing.
  
  A few minute/seconds after a start attempts we can see the following in 
syslog:
  ntpd[2729]: peers refreshed
  ntpd[2729]: Listening on routing socket on fd #49 for interface updates
  ntpd[2729]: i/o error on routing socket No buffer space available - disabling
  kernel: [157516.495224] ntpd[2729]: segfault at 31 ip 0031 sp 
79f11788 error 14 in libpthread-2.15.so[7f967a5d9000+18000]
  
  OS: Ubuntu 12.04.4 LTS
  Kernel: 3.11.0-19-generic
  
  I tried to compare it to other servers, and the only thing I could find that 
is different is that while it's up (before it crashes) I can see the following 
when running lsof | grep ntp:
  ntpd 2729 ntp 49u sock 0,7 0t0 2473952565 can't identify protocol.

** Tags added: verification-done

** Changed in: ntp (Ubuntu Precise)
   Status: Confirmed = In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
debdiff for precise

** Patch added: debdiff for precise
   
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+attachment/4452908/+files/lp1481388_precise.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
** Changed in: ntp (Ubuntu Precise)
 Assignee: (unassigned) = Eric Desrochers (eric-desrochers-z)

** Changed in: ntp (Ubuntu Vivid)
 Assignee: (unassigned) = Eric Desrochers (eric-desrochers-z)

** Changed in: ntp (Ubuntu Precise)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Eric Desrochers 
** Changed in: ntp (Ubuntu Precise)
   Importance: Undecided = Medium

** Changed in: ntp (Ubuntu Vivid)
   Status: New = Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Ubuntu Foundations Team Bug Bot 
The attachment debdiff for precise seems to be a debdiff.  The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff.  If the attachment isn't a
patch, please remove the patch flag from the attachment, remove the
patch tag, and if you are member of the ~ubuntu-sponsors, unsubscribe
the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-26 Thread Ubuntu Foundations Team Bug Bot 
The attachment debdiff for precise seems to be a debdiff.  The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff.  If the attachment isn't a
patch, please remove the patch flag from the attachment, remove the
patch tag, and if you are member of the ~ubuntu-sponsors, unsubscribe
the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-24 Thread Eric Desrochers 
I was able to reproduce the problem on PRECISE (12.04) by lowering the
kernel parameter value net.core.rmem_max.

And then test my .deb build on my PPA[1] with the following upstream
commits :

- d6df9d3 [Bug 2224] Use-after-free in routing socket code after dropping root.
- db47bd4 [Bug 2890] Ignore ENOBUFS on routing netlink socket.

What the patch does ?
===
The program first read from the fd. On success, the number of bytes written 
into buf is
returned. On error, the call returns −1 and sets errno

If the call returns -1, then there is a verification to validate if the
errno == ENOBUFS

and then send to syslog the following message : routing socket reports:
No buffer space available

Otherwise, if errno is NOT ENOBUFS, then it close the socket
(remove_asyncio_reader(reader);) and free the memory space
(delete_asyncio_reader(reader);)

And send to syslog the following message : i/o error on routing socket
No buffer space available - disabling

Before this patch, no matter what was the errno, it was automatically
close() and free() without validation if ENOBUFS or not.

To summarize, the patch allow the program to not close() and free() the socket 
when the a errno == ENOBUFS occur, but still send a message in syslog to notify 
the administrator.
=== 

If after installing the patch, you are receiving this kind of message in
/var/log/syslog : routing socket reports: No buffer space available
The next step, would be to increase the net.core.rmem_max and
net.core.wmem_maxvalues equally until the routing socket reports: No
buffer space available message no longer showed up.


[1] 1:4.2.6.p3+dfsg-1ubuntu3.4+20150820lp1481388~2
https://launchpad.net/~eric-desrochers-z/+archive/ubuntu/lp1481388

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1481388] Re: NTP : Use-after-free in routing socket code after dropping root

2015-08-24 Thread Eric Desrochers 
I was able to reproduce the problem on PRECISE (12.04) by lowering the
kernel parameter value net.core.rmem_max.

And then test my .deb build on my PPA[1] with the following upstream
commits :

- d6df9d3 [Bug 2224] Use-after-free in routing socket code after dropping root.
- db47bd4 [Bug 2890] Ignore ENOBUFS on routing netlink socket.

What the patch does ?
===
The program first read from the fd. On success, the number of bytes written 
into buf is
returned. On error, the call returns −1 and sets errno

If the call returns -1, then there is a verification to validate if the
errno == ENOBUFS

and then send to syslog the following message : routing socket reports:
No buffer space available

Otherwise, if errno is NOT ENOBUFS, then it close the socket
(remove_asyncio_reader(reader);) and free the memory space
(delete_asyncio_reader(reader);)

And send to syslog the following message : i/o error on routing socket
No buffer space available - disabling

Before this patch, no matter what was the errno, it was automatically
close() and free() without validation if ENOBUFS or not.

To summarize, the patch allow the program to not close() and free() the socket 
when the a errno == ENOBUFS occur, but still send a message in syslog to notify 
the administrator.
=== 

If after installing the patch, you are receiving this kind of message in
/var/log/syslog : routing socket reports: No buffer space available
The next step, would be to increase the net.core.rmem_max and
net.core.wmem_maxvalues equally until the routing socket reports: No
buffer space available message no longer showed up.


[1] 1:4.2.6.p3+dfsg-1ubuntu3.4+20150820lp1481388~2
https://launchpad.net/~eric-desrochers-z/+archive/ubuntu/lp1481388

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1481388

Title:
  NTP : Use-after-free in routing socket code after dropping root

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1481388/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

  1   2   >