[Secure-testing-team] Bug#636617: procps: sysctl raises an error at boot, possibly due to system V ordering problems with loading IPv6 modules

Vincent Deffontaines vdeffontaines at yahoo.fr
Thu Aug 4 15:58:03 UTC 2011

Package: procps
Version: 1:3.2.8-10
Severity: normal
Tags: security


Setting legal ipv6 options, such as "net.ipv6.conf.all.use_tempaddr = 2" in sysctl.conf, results in /etc/init.d/procps failing to load these options, because it is called too early in the boot process.
IPv6 module is not loaded at that time, and any IPv6 option will be refused.
I have set the "security" tag on this bug because this can typically result in some IPv6 security flags set by the sysadmin being ignored at reboot.

Fix suggestion : make sure that procps init.d script is called after module-init-tools' /etc/init.d/module-init-tools

I am not sure whether this could apply to other options from other packages.



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages procps depends on:
ii  initscripts                2.88dsf-13.11 scripts for initializing and shutt
ii  libc6                      2.13-10       Embedded GNU C Library: Shared lib
ii  libncurses5                5.9-1         shared libraries for terminal hand
ii  libncursesw5               5.9-1         shared libraries for terminal hand
ii  lsb-base                   3.2-27        Linux Standard Base 3.2 init scrip

Versions of packages procps recommends:
ii  psmisc                        22.13-1    utilities that use the proc file s

procps suggests no packages.

-- Configuration Files:
/etc/sysctl.conf changed:
net.ipv6.conf.all.use_tempaddr = 2

-- no debconf information

More information about the Secure-testing-team mailing list