Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 17 Jan 2013 17:21:33 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss-security@...ts.openwall.com
cc: kargig@...d.gr
Subject: Re: Linux kernel handling of IPv6 temporary
 addresses

+-- On Wed, 16 Jan 2013, George Kargiotakis wrote --+
|        valid_lft 131007sec preferred_lft 65471sec
|  inet6 fd00:966b:7196:c731:222:aaff:fecc:1111/64 scope global tentative dynamic 
|        valid_lft 131007sec preferred_lft 65471sec
| 
| what I also find wrong here is that all temporary addresses (dynamic) 
| acquired have gotten the same last 64bits. I don't think this is OK per RFC 
| 4941 even if not explicitly defined there. Every temp. address created 
| should be different per prefix from the rest.

   True, the last few bits of the addresses are same as the IPv6 address of 
the host, with scope::global, but no tentative dynamic bits set. Plus network 
becomes unreachable till I reboot the host.

| use_tempaddr for the iface still has '2' as its value
| # cat /proc/sys/net/ipv6/conf/eth0/use_tempaddr 
| 2

   This value is always 0, before ifconfig eth0 down and after ifconfig eth0 
up.

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.