# ntpd crash with ipv6 on hardened (solved)

## opotonil

I have configured ipv6 on my hardened server with a tunnelbroker tunnel configured on a router with OpenWrt; it seems to be working well:

```
# ping6 ipv6.google.com -c 3
PING ipv6.google.com(wy-in-x63.1e100.net) 56 data bytes
64 bytes from wy-in-x63.1e100.net: icmp_seq=1 ttl=55 time=46.6 ms
64 bytes from wy-in-x63.1e100.net: icmp_seq=2 ttl=55 time=46.8 ms
64 bytes from wy-in-x63.1e100.net: icmp_seq=3 ttl=55 time=46.3 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 46.311/46.584/46.828/0.212 ms
```

Since the server has had support for ipv6, ntpd crashes:

```
# /etc/init.d/ntpd start
 * Starting ntpd ...                                                      [ ok ]
# /etc/init.d/ntpd status
 * status: crashed
```

In the logs I can see:

```
[414496.228869] ntpd[5936]: segfault at 8 ip 00000dddb9b4af91 sp 00007351740fce20 error 4 in ntpd[dddb9b2d000+91000]
[414496.228890] grsec: From 192.168.255.5: Segmentation fault occurred at 0000000000000008 in /usr/sbin/ntpd[ntpd:5936] uid/euid:123/123 gid/egid:123/123, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
[414496.228914] grsec: bruteforce prevention initiated against uid 123, banning for 15 minutes
```

```
Jul 30 14:20:44 server ntpd[5987]: ntpd 4.2.6p3@1.2290-o Mon Jul 25 18:01:27 UTC 2011 (1)
Jul 30 14:20:44 server ntpd[5988]: proto: precision = 0.312 usec
Jul 30 14:20:44 server ntpd[5988]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Jul 30 14:20:44 server ntpd[5988]: Listen and drop on 1 v6wildcard :: UDP 123
Jul 30 14:20:44 server ntpd[5988]: Listen normally on 2 lo 127.0.0.1 UDP 123
Jul 30 14:20:44 server ntpd[5988]: Listen normally on 3 eth0 192.168.255.2 UDP 123
Jul 30 14:20:44 server ntpd[5988]: Listen normally on 4 eth0 fe80::223:7dff:fe06:d28b UDP 123
Jul 30 14:20:44 server ntpd[5988]: Listen normally on 5 eth0 2001:xxx:xxxx:ffff::2 UDP 123
Jul 30 14:20:44 server ntpd[5988]: Listen normally on 6 lo ::1 UDP 123
Jul 30 14:20:44 server ntpd[5988]: peers refreshed
Jul 30 14:20:45 server ntpd[5988]: Cannot setuid() to user `ntp': Operation not permitted
```

If I comment out the ipv6 configuration in /etc/conf.d/net and the system is rebooted, ntpd works well. If I comment out the ipv6 configuration in /etc/conf.d/net and the network is restarted, ntpd doesn't work.

Last edited by opotonil on Thu Aug 04, 2011 6:15 pm; edited 1 time in total

----------
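
Added example (not part of the original posts): the kernel segfault line quoted in the first post already narrows the crash down before any core file exists. This Python sketch parses that line, decodes the x86 page-fault error code and computes the instruction offset inside the ntpd mapping; the function names are made up for this example, and using the offset with a symbolizer assumes the mapping starts at the binary's load base.

```python
import re

# Kernel log line quoted in the first post, embedded here as sample input.
SAMPLE = ("[414496.228869] ntpd[5936]: segfault at 8 ip 00000dddb9b4af91 "
          "sp 00007351740fce20 error 4 in ntpd[dddb9b2d000+91000]")

# x86 format: comm[pid]: segfault at ADDR ip IP sp SP error CODE in OBJ[BASE+SIZE]
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")


def decode_error(code):
    """Decode the low bits of an x86 page-fault error code."""
    if code & 0x10:
        access = "instruction fetch"
    else:
        access = "write" if code & 0x2 else "read"
    return {
        "cause": "protection violation" if code & 0x1 else "page not mapped",
        "access": access,
        "mode": "user" if code & 0x4 else "kernel",
    }


def parse_segfault(line):
    """Return the decoded fields of a kernel segfault line, or None."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    out = {k: int(m.group(k), 16) for k in ("addr", "ip", "sp", "err")}
    out.update(comm=m.group("comm"), pid=int(m.group("pid")), obj=m.group("obj"))
    out.update(decode_error(out["err"]))
    # Offset of the faulting instruction inside the mapped object. With a PIE
    # binary the absolute ip moves under ASLR; the offset stays the same.
    # Assumption: the mapping starts at the object's load base.
    out["offset"] = None
    if m.group("base") is not None:
        base, size = int(m.group("base"), 16), int(m.group("size"), 16)
        if base <= out["ip"] < base + size:
            out["offset"] = out["ip"] - base
    # Heuristic: a fault address inside the first page usually means a NULL
    # pointer was dereferenced at a small field offset.
    out["null_like"] = out["addr"] < 0x1000
    return out


if __name__ == "__main__":
    r = parse_segfault(SAMPLE)
    print(f"{r['obj']}+{r['offset']:#x}: {r['mode']}-mode {r['access']}, "
          f"{r['cause']}, fault address {r['addr']:#x}")
```

For the quoted line this reports a user-mode read of unmapped address 0x8 at ntpd+0x1df91, which is the shape of a NULL pointer dereference rather than a hardening-induced fault.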

## Hu

What is the output of emerge --info net-misc/ntp?  Does it help if net-misc/ntp is built with a non-hardened gcc?

----------

## opotonil

Output of emerge --info net-misc/ntp:

```
# emerge --info net-misc/ntp
Portage 2.2.0_alpha47 (hardened/linux/amd64, gcc-4.4.5, glibc-2.12.2-r0, 2.6.38-hardened-r6 x86_64)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.38-hardened-r6-x86_64-Intel-R-_Xeon-R-_CPU_E5405_@_2.00GHz-with-gentoo-2.0.3
Timestamp of tree: Fri, 29 Jul 2011 18:30:01 +0000
app-shells/bash:          4.1_p9
dev-lang/python:          2.7.1-r1, 3.1.3-r1
dev-util/cmake:           2.8.4-r1
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.8.3-r1
sys-apps/sandbox:         2.4
sys-devel/autoconf:       2.68
sys-devel/automake:       1.11.1
sys-devel/binutils:       2.20.1-r1
sys-devel/gcc:            4.4.5
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.2.10
sys-devel/make:           3.82
sys-kernel/linux-headers: 2.6.36.1 (virtual/os-headers)
sys-libs/glibc:           2.12.2
Repositories: gentoo local
Installed sets: 
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -mtune=generic -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/openvpn/easy-rsa"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -mtune=generic -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="es_ES.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="es"
MAKEOPTS="-j5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acl amd64 bzip2 caps cgi cli cracklib crypt cups cxx dri fam gdbm gpm hardened iconv ipv6 jpeg justify mmx modules mudflap multilib mysql ncurses nls nptl nptlonly openmp pam pcre perl png pppd python readline samba scanner session sse sse2 ssl sysfs tcpd threads tiff unicode urandom usb xattr xinetd xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="es" PHP_TARGETS="php5-3" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18" SANE_BACKENDS="net" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
=================================================================
                        Package Settings
=================================================================
net-misc/ntp-4.2.6_p3 was built with the following:
USE="caps ipv6 (multilib) ssl -debug -openntpd -parse-clocks (-selinux) -snmp -vim-syntax -zeroconf"
```

I tried to build it with x86_64-pc-linux-gnu-4.4.5-vanilla, but the error persists.

Last edited by opotonil on Mon Aug 01, 2011 11:48 am; edited 1 time in total

----------

## Hu

That suggests a bug in ntp, which is easier to handle than a miscompilation bug.

You will probably need to obtain a core file and associated backtrace.

----------

## opotonil

I think the bug has to be reported to Gentoo bugzilla -> Gentoo Linux -> Component: hardened. Is this correct?

To obtain a core file and associated backtrace, I am reading:

http://www.gentoo.org/proj/en/qa/backtraces.xml

I understand the kernel is configured correctly:

```
# cat /usr/src/linux/.config | grep ELF_CORE
CONFIG_ELF_CORE=y
```

I modified make.conf:

```
CFLAGS="-march=core2 -mtune=generic -O2 -pipe -ggdb"
```

and I have rebuilt ntp:

```
# FEATURE="$FEATURE splitdebug" emerge ntp
```

but when I try to get a core dump with

```
# ulimit -c unlimited
# /etc/init.d/ntpd start
 * Starting ntpd ...                                                      [ ok ]
```

and with

```
# ulimit -c unlimited
# /usr/sbin/ntpd -p /var/run/ntpd.pid -u ntp:ntp
```

in both cases I can't find any core or core.pid file. What am I doing wrong?

----------

## Hu

I would need to investigate to see why no core dump is produced.  However, I can point out now that you wrote FEATURE=, but the correct spelling is FEATURES=.  Therefore, Portage ignored your change and stripped the binary anyway.  This would not prevent generation of a core file, but would make the generated core file difficult to use.

----------

## opotonil

The problem was using the vde bridge (vde_pcapplug); ntp works well without it.

----------

