| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20121115010324.2707950c@lola.kot> Date: Thu, 15 Nov 2012 01:03:24 +0200 From: George Kargiotakis <kargig@...d.gr> To: David Miller <davem@...emloft.net> Cc: netdev@...r.kernel.org Subject: Re: Linux kernel handling of IPv6 temporary addresses On Wed, 14 Nov 2012 16:29:56 -0500 (EST) David Miller <davem@...emloft.net> wrote: > From: George Kargiotakis <kargig@...d.gr> > Date: Wed, 14 Nov 2012 23:14:11 +0200 > > > Due to the way the Linux kernel handles the creation of IPv6 > > temporary addresses a malicious LAN user can remotely disable them > > altogether which may lead to privacy violations and information > > disclosure. > > A malicious user who can emit random packets as root on your LAN can > also corrupt your ARP cache with entries that point to the wrong MAC > address. > > What's your point? Hello, I think it's an issue that a LAN root user can disable a locally enabled kernel "feature" for good. The kernel could provide a somewhat more informative message on such an occasion taking place, since it knows that max_addresses limit has been reached and it's not a DAD failure. My point is that I'd like the kernel to handle this situation a bit differently than it currently does. Best regards, -- George Kargiotakis https://void.gr GPG KeyID: 0xE4F4FFE6 GPG Fingerprint: 9EB8 31BE C618 07CE 1B51 818D 4A0A 1BC8 E4F4 FFE6 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists