Message-ID: <b245135e0902150605q1bbaddc3pa3dd6053e158ae2e@mail.gmail.com>
Date:	Sun, 15 Feb 2009 14:05:03 +0000
From:	Teran McKinney <sega01@...il.com>
To:	David Miller <davem@...emloft.net>
Cc:	pekkas@...core.fi, netdev@...r.kernel.org
Subject: Re: net.ipv6.conf.INT.accept_ra_rt_info_max_plen defaults to 0

Hey,

I personally think that 64 would be a reasonable default route length,
but am currently setting it to 120 in Icadyptes to be safe (probably
closer to excessive). More so, I'm just happy that it is supported,
even though it is disabled by default. Few people use it in the first
place, and I don't see what harm it could bring other than alternative
perspectives on potential security issues that already exist in NDP.

@Pekka: Thanks for bringing this up. I think a short note in
radvd.conf.example might help, but I should do a blog post so that
Google is more useful if you aren't searching with exactly the right
terminology.

Thanks,
Teran

On Tue, Feb 3, 2009 at 05:36, David Miller <davem@...emloft.net> wrote:
> From: Pekka Savola <pekkas@...core.fi>
> Date: Tue, 3 Feb 2009 06:38:49 +0200 (EET)
>
>> As reported and discussed below and in
>> <http://www.mail-archive.com/debian-ipv6@lists.debian.org/msg03753.html>,
>> to accept "route information option" on Linux, you have to manually
>> change accept_ra_rt_info_max_plen sysctl value.  Other
>> implementations that I know of accept this by default.
>>
>> Is it intentional that Route Information options are ignored by default?
>>
>> I suspect not -- if so, the default value should be (IMHO) 64 or if
>> that's disagreeable, 48.
>>
>> Even if this is intentional, I think the intentions should be revisited.
>
> It looks very intentional, both via the code and its documentation
> in ip-sysctl.txt
>
> It seems that it is disabled like this by default when
> accept_ra_rtr_pref is enabled, and that seems pretty reasonable to me.
>
> I'm sure whoever made that decision didn't do so on a whim and had
> a very good reason for it.
>
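
An added example, not part of this thread or of the kernel sources: a shell check that reports each interface's `accept_ra_rt_info_max_plen` and flags values above a site-chosen ceiling. The function names, the `ROOT` parameter, the status words and the sample tree are assumptions made for illustration; the values 0, 64 and 120 are the ones mentioned in the thread.

```shell
#!/bin/sh
# audit_rio_plen ROOT CEILING
#   ROOT    - directory laid out like /proc/sys/net/ipv6/conf (parameterised
#             here, as an assumption, so the check can run on a test tree)
#   CEILING - longest prefix length site policy allows (hypothetical policy)
# Prints "iface value status" per interface; returns 1 if any value is
# above CEILING, 0 otherwise.
audit_rio_plen() {
    root=$1
    ceiling=$2
    rc=0
    for f in "$root"/*/accept_ra_rt_info_max_plen; do
        [ -r "$f" ] || continue            # glob matched nothing, or unreadable
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" -le 0 ]; then
            status=disabled                # the default (0) discussed in the thread
        elif [ "$val" -le "$ceiling" ]; then
            status=accepted                # within the policy ceiling
        else
            status=over-ceiling            # longer prefixes than policy allows
            rc=1
        fi
        printf '%s %s %s\n' "$iface" "$val" "$status"
    done
    return $rc
}

# make_sample_tree DIR: builds a constructed (not real) sysctl tree for a dry run.
make_sample_tree() {
    for pair in all:0 eth0:64 eth1:120; do
        mkdir -p "$1/${pair%%:*}"
        echo "${pair##*:}" > "$1/${pair%%:*}/accept_ra_rt_info_max_plen"
    done
}
```

On a live host the call would be `audit_rio_plen /proc/sys/net/ipv6/conf 64`, with the ceiling set to whatever the site has decided on.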