Message-ID: <CAMcMvshXgKCpwLFPzUWvmacTuqmSEjDfPgvZU2BHeC+WcXRH0A@mail.gmail.com>
Date: Tue, 13 Sep 2011 12:56:28 -0700
From: Paul Stewart <pstew@...omium.org>
To: Bjørn Mork <bjorn@...k.no>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCHv2] ipv6: Create module parameter for use_tempaddr

On Tue, Sep 13, 2011 at 11:39 AM, Bjørn Mork <bjorn@...k.no> wrote:
> Paul Stewart <pstew@...omium.org> writes:
>
>> When ipv6 is used as a module, there is no good place to set
>> the default value for use_tempaddr.  Using sysctl.conf will
>> set this parameter too early -- before the module is loaded.
>> To solve this, create a module parameter that will set the
>> default value of use_tempaddr for all devices.
>
> How is use_tempaddr any different from the other /proc/sys/net/ipv6/*
> variables?  Do you want to add a module parameter for all of them?

With use_tempaddr and ipv6 loaded as a module, there is a gap of time
between addrconf starting up and whatever configuration one would use
to set use_tempaddr (you can't use sysctl.conf since module-load time
might be much later).  By the time boot scripts (or whatever you'd
use) are able to tweak use_tempaddr, it might be too late and the
global-trackable address (related to the MAC address) might end up in
use.  This negates the entire point of use_tempaddr.  If any of the
other flags suffer this badly at module-load time, I'd be happy to add
module parameters for them, but this is the only one that I've come to
be aware of.

> Why can't you run sysctl with an ipv6-specific sysctl.conf at a time
> fitting your boot sequence?  Or load the ipv6 module before sysctl
> loads the default sysctl.conf if that is what you want?  Or just set the
> variables in your network configuration scripts, prior to bringing the
> interfaces up?
>
> Or do as most people do nowadays: Forget that ipv6 can be built as a
> module, and just use it builtin.  It's not like it can be unloaded
> anyway, so building it as a module does not give you anything.

All helpful suggestions.  However, I'm not yet willing to accept the
claim that ipv6 cannot be used as a module unless the rest of the
system is painstakingly crafted to close any races between addrconf,
sysctl and other IPv6-using processes.  That strikes me as far too
brittle.

--
Paul
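
A check for the outcome the message above warns about, as an added example that is not part of the original thread: it flags global IPv6 addresses whose interface identifier is the Modified EUI-64 form of the interface's MAC address. The function names, the sample MAC and the sample address lines (modelled on `ip -6 -o addr show` output, with the lifetime fields omitted) are constructed for illustration.

```python
import ipaddress

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]
    return int.from_bytes(iid, "big")

def mac_derived_globals(ip_output: str, macs: dict) -> list:
    """Return (ifname, address) for each global address carrying the MAC-derived IID."""
    hits = []
    for line in ip_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[2] != "inet6" or "scope" not in fields:
            continue
        # Link-local and host-scope addresses are not routable, so skip them.
        if fields[fields.index("scope") + 1] != "global":
            continue
        ifname = fields[1]
        mac = macs.get(ifname)
        if mac is None:
            continue
        addr = ipaddress.IPv6Interface(fields[3]).ip
        # Compare the low 64 bits of the address with the EUI-64 identifier.
        if int(addr) & ((1 << 64) - 1) == eui64_iid(mac):
            hits.append((ifname, str(addr)))
    return hits

# Constructed sample input: one MAC-derived global, one temporary global, one link-local.
SAMPLE_MACS = {"eth0": "00:11:22:33:44:55"}
SAMPLE_IP_OUTPUT = """\
1: lo    inet6 ::1/128 scope host
2: eth0    inet6 2001:db8:1:2:211:22ff:fe33:4455/64 scope global dynamic
2: eth0    inet6 2001:db8:1:2:5c1e:9a4f:37b2:a1c8/64 scope global temporary dynamic
2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link
"""

if __name__ == "__main__":
    for ifname, addr in mac_derived_globals(SAMPLE_IP_OUTPUT, SAMPLE_MACS):
        print(f"{ifname}: {addr} embeds the interface MAC address")
```
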