| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20121114.180824.1930899985436392426.davem@davemloft.net> Date: Wed, 14 Nov 2012 18:08:24 -0500 (EST) From: David Miller <davem@...emloft.net> To: kargig@...d.gr Cc: netdev@...r.kernel.org Subject: Re: Linux kernel handling of IPv6 temporary addresses From: George Kargiotakis <kargig@...d.gr> Date: Thu, 15 Nov 2012 01:03:24 +0200 > I think it's an issue that a LAN root user can disable a > locally enabled kernel "feature" for good. The kernel could provide a > somewhat more informative message on such an occasion taking place, > since it knows that max_addresses limit has been reached and it's not a > DAD failure. > > My point is that I'd like the kernel to handle this situation a bit > differently than it currently does. Read my example again, it's the same thing for ipv4. The root LAN user can disable all IPV4 communications to arbitrary IP addresses on the local LAN by emitting bogus ARP requests and poisoning everyone's caches. What's the difference between that and this arbitrary ipv6 issue? There is none at all. If you have a root person on your local LAN you're subject to injection of bogus addressing and routing information. This issue is not specific to ipv4 or ipv6 and is fundamental in nature. So it is misleading to bring this up as an ipv6 specific problem, it's not. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists