lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 13 Sep 2011 12:56:28 -0700
From:	Paul Stewart <pstew@...omium.org>
To:	Bjørn Mork <bjorn@...k.no>
Cc:	netdev@...r.kernel.org
Subject: Re: [PATCHv2] ipv6: Create module parameter for use_tempaddr

On Tue, Sep 13, 2011 at 11:39 AM, Bjørn Mork <bjorn@...k.no> wrote:
> Paul Stewart <pstew@...omium.org> writes:
>
>> When ipv6 is used as a module, there is no good place to set
>> the default value for use_tempaddr.  Using sysctl.conf will
>> set this parameter too early -- before the module is loaded.
>> To solve this, create a module parameter that will set the
>> default value of use_tempaddr for all devices.
>
> How is use_tempaddr any different from the other /proc/sys/net/ipv6/*
> variables?  Do you want to add a module parameter for all of them?

With use_tempaddr and ipv6 loaded as a module, there is a gap of time
between addrconf starting up and whatever configuration one would use
to set use_tempaddr (you can't use sysctl.conf since module-load time
might be much later).  By the time boot scripts (or whatever you'd
use) are able to tweak use_tempaddr, it might be too late and the
global-trackable address (related to the MAC address) might end up in
use.  This negates the entire point of use_tempaddr.  If any of the
other flags suffer this badly at module-load time, I'd be happy to add
module parameters for them, but this is the only one that I've come to
be aware of.

> Why can't you run sysctl with an ipv6-specific sysctl.conf at a time
> fitting your boot sequence?  Or load the ipv6 module before sysctl is
> loads the default sysctl.conf if that is what you want?  Or just set the
> variables in your network configuration scripts, prior to bringing the
> interfaces up?
>
> Or do as most people do nowadays:  Forget that ipv6 can be built as a
> module, and just use it builtin.  It's not like it can be unloaded
> anyway, so building it as a module does not give you anything.

All helpful suggestions.  However, I'm not yet willing to accept the
claim that ipv6 cannot be used as a module unless the rest of the
system is painstakingly crafted to close any races between addrconf,
sysctl and other IPv6-using processes.  That strikes me as far too
brittle.

--
Paul
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ