From: George Kargiotakis <kargig@void.gr>
To: David Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Subject: Re: Linux kernel handling of IPv6 temporary addresses
Date: Thu, 15 Nov 2012 01:03:24 +0200
Message-ID: <20121115010324.2707950c@lola.kot>
In-Reply-To: <20121114.162956.610530798200803185.davem@davemloft.net>

On Wed, 14 Nov 2012 16:29:56 -0500 (EST)
David Miller <davem@davemloft.net> wrote:
> From: George Kargiotakis <kargig@void.gr>
> Date: Wed, 14 Nov 2012 23:14:11 +0200
>
> > Due to the way the Linux kernel handles the creation of IPv6
> > temporary addresses a malicious LAN user can remotely disable them
> > altogether which may lead to privacy violations and information
> > disclosure.
>
> A malicious user who can emit random packets as root on your LAN can
> also corrupt your ARP cache with entries that point to the wrong MAC
> address.
>
> What's your point?

Hello,

I think it's an issue that a LAN root user can disable a
locally enabled kernel "feature" for good. The kernel could provide a
somewhat more informative message on such an occasion taking place,
since it knows that max_addresses limit has been reached and it's not a
DAD failure.

My point is that I'd like the kernel to handle this situation a bit
differently than it currently does.

Best regards,
--
George Kargiotakis
https://void.gr
GPG KeyID: 0xE4F4FFE6
GPG Fingerprint: 9EB8 31BE C618 07CE 1B51 818D 4A0A 1BC8 E4F4 FFE6
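
Added example (not part of the original message, and not kernel or project code): a host-side check for the condition discussed above, where the address count on an interface has reached max_addresses and no temporary address remains. It reads the /proc/net/if_inet6 table and the use_tempaddr and max_addresses sysctls; the sample table and all function names are constructed for illustration.

```python
from pathlib import Path

IFA_F_TEMPORARY = 0x01  # linux/if_addr.h; same bit as IFA_F_SECONDARY

# Constructed sample in /proc/net/if_inet6 layout:
# address ifindex prefixlen scope flags device (all numbers in hex)
SAMPLE_IF_INET6 = """\
fe80000000000000021122fffe334455 02 40 20 80 eth0
20010db800010000021122fffe334455 02 40 00 00 eth0
20010db8000100005c3a9e1077b204d1 02 40 00 01 eth0
00000000000000000000000000000001 01 80 10 80 lo
"""

def count_addresses(table, dev):
    """Return (total, temporary) IPv6 address counts for one device."""
    total = temporary = 0
    for line in table.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[5] != dev:
            continue
        total += 1
        if int(fields[4], 16) & IFA_F_TEMPORARY:
            temporary += 1
    return total, temporary

def assess(table, dev, use_tempaddr, max_addresses):
    """List findings for dev; an empty list means nothing to report."""
    total, temporary = count_addresses(table, dev)
    findings = []
    if use_tempaddr <= 0:
        findings.append(f"{dev}: use_tempaddr={use_tempaddr}, temporary addresses disabled")
    elif temporary == 0:
        findings.append(f"{dev}: use_tempaddr={use_tempaddr} but no temporary address present")
    # max_addresses == 0 means no limit. Counting every address on the
    # device approximates the kernel's own count (an assumption here).
    if max_addresses > 0 and total >= max_addresses:
        findings.append(f"{dev}: {total} addresses, max_addresses={max_addresses} reached")
    return findings

def assess_live(dev):
    """Run the same check against this host's /proc files (Linux only)."""
    conf = Path("/proc/sys/net/ipv6/conf") / dev
    return assess(Path("/proc/net/if_inet6").read_text(), dev,
                  int((conf / "use_tempaddr").read_text()),
                  int((conf / "max_addresses").read_text()))

if __name__ == "__main__":
    print(assess(SAMPLE_IF_INET6, "eth0", use_tempaddr=2, max_addresses=16))
```

On a Linux host, assess_live("eth0") applies the same logic to the running configuration.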