Date: Sun, 15 Feb 2009 14:05:03 +0000
From: Teran McKinney <sega01@...il.com>
To: David Miller <davem@...emloft.net>
Cc: pekkas@...core.fi, netdev@...r.kernel.org
Subject: Re: net.ipv6.conf.INT.accept_ra_rt_info_max_plen defaults to 0

Hey,

I personally think that 64 would be a reasonable default route length,
but am currently setting it to 120 in Icadyptes to be safe (probably
closer to excessive). More so, I'm just happy that it is supported,
even though it is disabled by default. Few people use it in the first
place, and I don't see what harm it could bring other than alternative
perspectives on potential security issues that already exist in NDP.

@Pekka: Thanks for bringing this up. I think a short note in
radvd.conf.example might help, but I should do a blog post so that
Google is more useful if you aren't searching with exactly the right
terminology.

Thanks,
Teran

On Tue, Feb 3, 2009 at 05:36, David Miller <davem@...emloft.net> wrote:
> From: Pekka Savola <pekkas@...core.fi>
> Date: Tue, 3 Feb 2009 06:38:49 +0200 (EET)
>
>> As reported and discussed below and in
>> <http://www.mail-archive.com/debian-ipv6@lists.debian.org/msg03753.html>,
>> to accept "route information option" on Linux, you have to manually
>> change accept_ra_rt_info_max_plen sysctl value. Other
>> implementations that I know of accept this by default.
>>
>> Is it intentional that Route Information options are ignored by default?
>>
>> I suspect not -- if so, the default value should be (IMHO) 64 or if
>> that's disagreeable, 48.
>>
>> Even if this is intentional, I think the intentions should be revisited.
>
> It looks very intentional, both via the code and its documentation
> in ip-sysctl.txt
>
> It seems that it is disabled like this by default when
> accept_ra_rtr_pref is enabled, and that seems pretty reasonable to me.
>
> I'm sure whoever made that decision didn't do so on a whim and had
> a very good reason for it.
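The thread turns on the per-interface value of accept_ra_rt_info_max_plen (0 by default, with 48, 64 and 120 proposed). As an added example, not part of the original messages or of any project named in them, this shell function reports the setting for every interface and flags values above a chosen limit; the function name, the status labels and the optional directory argument are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit accept_ra_rt_info_max_plen.
# usage: audit_rio_plen LIMIT [ROOT]
#   LIMIT  longest Route Information prefix length local policy allows
#   ROOT   sysctl directory to read; defaults to the live tree. The
#          parameter exists so a copied or constructed tree can be checked.
# Prints "<iface> <max_plen> <status>" per interface, where status is:
#   ra-off    accept_ra is 0, so router advertisements are not processed
#   disabled  max_plen <= 0 (the default discussed in the thread)
#   ok        0 < max_plen <= LIMIT
#   over      max_plen > LIMIT
# Returns 1 if any interface is "over", otherwise 0.
audit_rio_plen() {
    limit=$1
    root=${2:-/proc/sys/net/ipv6/conf}
    rc=0
    for f in "$root"/*/accept_ra_rt_info_max_plen; do
        [ -r "$f" ] || continue   # sysctl not present on this kernel
        dir=$(dirname "$f")
        iface=$(basename "$dir")
        val=$(cat "$f")
        # Assumption: a missing accept_ra file is treated as "RAs accepted".
        ra=$(cat "$dir/accept_ra" 2>/dev/null || echo 1)
        if [ "$ra" -eq 0 ]; then
            status=ra-off
        elif [ "$val" -le 0 ]; then
            status=disabled
        elif [ "$val" -le "$limit" ]; then
            status=ok
        else
            status=over
            rc=1
        fi
        printf '%s %s %s\n' "$iface" "$val" "$status"
    done
    return "$rc"
}
```

Calling `audit_rio_plen 64` reads the live /proc/sys tree; the exit status can gate a configuration check.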