[ntp:questions] Re: Strange ntpd problem

Chris Brenton cbrenton at chrisbrenton.org
Sun May 29 00:11:07 UTC 2005


Greeting John,

On Sat, 2005-05-28 at 18:53, John DeDourek wrote:
>
> Consider the possibility that you encountered the bug described
> in Red Hat Bugzilla, but number 154759
> (this link might work:
>     https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154759
> )

This seems to be it as I'm running 2.6.11-1.27_FC3 as well. Thanks for
the link!

> Briefly, Fedora Core 3 includes a new security feature that
> attempts to prevent some exploits performed by means of buffer
> overruns. The security feature terminates processes when it
> thinks code is being executed from the stack. 

One of the notes mentioned that ntpd would start for them about 1 out of
every 5 times. With this in mind, I just kept trying to restart ntpd and
sure enough, on the 5th to 6th try and started, kept running, and is now
servicing connections.

> Whether it is a bug in ntpd (good programs don't execute code from
> the stack), a bug in one of the libraries used by ntpd, or a
> bug in the security checks is being investigated.

Of course I'm not sure its all that great of a security check if the
program is actually permitted to execute occasionally. Also kind of
weird that this only happens on one system. I have ntpd running now on 3
other identical systems without a problem. Still, at least I now know
what the problem is as well as a workaround. running execstack cures the
problem.

Thanks again for the help!
Chris





More information about the questions mailing list