Date: Thu, 17 Jan 2013 14:27:25 +0200 From: George Kargiotakis <kargig@...d.gr> To: P J P <ppandit@...hat.com> Cc: oss-security@...ts.openwall.com Subject: Re: Linux kernel handling of IPv6 temporary addresses Hello, On Thu, 17 Jan 2013 17:21:33 +0530 (IST) P J P <ppandit@...hat.com> wrote: > +-- On Wed, 16 Jan 2013, George Kargiotakis wrote --+ > | valid_lft 131007sec preferred_lft 65471sec > | inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global > tentative dynamic | valid_lft 131007sec preferred_lft 65471sec > | > | what I also find wrong here is that all temporary addresses > (dynamic) | acquired have gotten the same last 64bits. I don't think > this is OK per RFC | 4941 even if not explicitly defined there. Every > temp. address created | should be different per prefix from the rest. > > True, the last few bits of the addresses are same as the IPv6 > address of the host, with scope::global, but no tentative dynamic > bits set. Plus network becomes unreachable till I reboot the host. > > | use_tempaddr for the iface still has '2' as its value > | # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr > | 2 > > This value is always 0, before ifconfig eth0 down and after > ifconfig eth0 up. Ubuntu is the only distribution that has by default enabled Privacy Extensions as far as I know. On your RHEL it's '0' and that's why you weren't seeing any 'ipv6_create_tempaddr' as previously mentioned on your emails. If you change this value to '2' you'll also see those kernel messages. > > Thank you. > -- > Prasad J Pandit / Red Hat Security Response Team > DB7A 84C5 D3F9 7CD1 B5EB C939 D048 7860 3655 602B Regards, -- George Kargiotakis https://void.gr GPG KeyID: 0xE4F4FFE6 GPG Fingerprint: 9EB8 31BE C618 07CE 1B51 818D 4A0A 1BC8 E4F4 FFE6
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.