| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Jan 2008 15:55:44 -0800 (PST) From: David Miller <davem@...emloft.net> To: yoshfuji@...ux-ipv6.org Cc: kkeil@...e.de, netdev@...r.kernel.org Subject: Re: Linux IPv6 DAD not full conform to RFC 4862 ? From: YOSHIFUJI Hideaki / 吉藤英明 <yoshfuji@...ux-ipv6.org> Date: Thu, 10 Jan 2008 08:46:55 +0900 (JST) > In article <20080109.153212.144388472.davem@...emloft.net> (at Wed, 09 Jan 2008 15:32:12 -0800 (PST)), David Miller <davem@...emloft.net> says: > > > I question any RFC mandate that shuts down IP communication on a node > > because of packets received from remote systems. > > RFC4862 tell us that we SHOULD disable IP communication. > (IP means IPv6 here; IPv4 is out of scope.) > In IETF term, a SHOULD is almost a MUST. We are required to follow > unless we have very good reason to ignore it. A DoS by definition is a very good reason. > > If the TAHI test can trigger this, so can a compromised system on your > > network and won't that be fun? :-) > > So, I know the specification, but I have ignored it. > I think it is fine to implent in some way, but I do think we must have > a switch not to do this. Because of the above, the existing behavior must still stay the default. I hope this is your plan. By default Linux will not implement this SHOULD, it's a security issue. I more and more do not like these conformance tests, they leave no room whatsoever for handling bugs or ill-specified features in the specification. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists