Date: Thu, 17 Jan 2013 14:27:25 +0200
From: George Kargiotakis <kargig@...d.gr>
To: P J P <ppandit@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Linux kernel handling of IPv6 temporary addresses

Hello, 

On Thu, 17 Jan 2013 17:21:33 +0530 (IST)
P J P <ppandit@...hat.com> wrote:

> +-- On Wed, 16 Jan 2013, George Kargiotakis wrote --+
> |        valid_lft 131007sec preferred_lft 65471sec
> |  inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global tentative dynamic
> |        valid_lft 131007sec preferred_lft 65471sec
> |
> | what I also find wrong here is that all temporary addresses (dynamic)
> | acquired have gotten the same last 64bits. I don't think this is OK per RFC
> | 4941 even if not explicitly defined there. Every temp. address created
> | should be different per prefix from the rest.
> 
>    True, the last few bits of the addresses are the same as the IPv6
> address of the host, with scope::global, but no tentative dynamic
> bits set. Plus network becomes unreachable till I reboot the host.
> 
> | use_tempaddr for the iface still has '2' as its value
> | # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 
> | 2
> 
>    This value is always 0, before ifconfig eth0 down and after
> ifconfig eth0 up.

Ubuntu is the only distribution that has by default enabled Privacy
Extensions as far as I know. On your RHEL it's '0' and
that's why you weren't seeing any 'ipv6_create_tempaddr' as previously
mentioned in your emails. If you change this value to '2' you'll also
see those kernel messages.

> 
> Thank you.
> --
> Prasad J Pandit / Red Hat Security Response Team
> DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B


Regards,
-- 
George Kargiotakis
https://void.gr
GPG KeyID: 0xE4F4FFE6
GPG Fingerprint: 9EB8 31BE C618 07CE 1B51 818D 4A0A 1BC8 E4F4 FFE6
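
Added example, not part of the original message or of any project's code: a Python check for the two symptoms discussed in this thread, an interface whose use_tempaddr is enabled but which holds no temporary address, and several global addresses sharing one interface identifier. The sample `ip -6 addr show` text and its prefixes are constructed, the function names are hypothetical, and it assumes iproute2 marks RFC 4941 addresses with the `temporary` flag.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show dev eth0` output (not from the thread);
# prefixes are made up, the interface identifier mirrors the one quoted above.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet6 fd00:aaaa:0:1:222:aaff:fecc:1111/64 scope global dynamic
       valid_lft 131007sec preferred_lft 65471sec
    inet6 fd00:bbbb:0:2:222:aaff:fecc:1111/64 scope global tentative dynamic
       valid_lft 131007sec preferred_lft 65471sec
    inet6 fe80::222:aaff:fecc:1111/64 scope link
       valid_lft forever preferred_lft forever
"""

ADDR_RE = re.compile(r"^\s*inet6\s+(\S+)/(\d+)\s+scope\s+(\S+)(.*)$")

def parse_global(text):
    """Return [(address, iid, flags)] for each global-scope inet6 line."""
    out = []
    for line in text.splitlines():
        m = ADDR_RE.match(line)
        if m and m.group(3) == "global":
            addr = ipaddress.IPv6Address(m.group(1))
            iid = int(addr) & ((1 << 64) - 1)  # low 64 bits = interface identifier
            out.append((addr, iid, set(m.group(4).split())))
    return out

def is_eui64(iid):
    """Modified EUI-64 identifiers carry ff:fe in the middle two bytes."""
    return (iid >> 24) & 0xFFFF == 0xFFFE

def audit(text, use_tempaddr):
    """List findings for one interface, given its use_tempaddr sysctl value."""
    addrs = parse_global(text)
    findings = []
    temps = [a for a in addrs if "temporary" in a[2]]
    if use_tempaddr > 0 and not temps:
        findings.append("use_tempaddr=%d but no temporary address present" % use_tempaddr)
    iids = {}
    for addr, iid, _ in addrs:
        iids.setdefault(iid, []).append(addr)
    for iid, group in iids.items():
        if len(group) > 1:
            kind = "EUI-64" if is_eui64(iid) else "non-EUI-64"
            findings.append("%d global addresses share %s identifier %016x"
                            % (len(group), kind, iid))
    return findings
```

Call `audit()` with the text of `ip -6 addr show dev <iface>` and the integer read from `/proc/sys/net/ipv6/conf/<iface>/use_tempaddr`.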
