[Bug 841353] Re: please enable IPv6 privacy extensions by default

Kees Cook kees at ubuntu.com
Mon Dec 12 19:07:02 UTC 2011


Does this fix actually work? There was a lot of discussion in 176125
about there being races and other problems with just setting the sysctl
like this.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/841353

Title:
  please enable IPv6 privacy extensions by default

Status in “procps” package in Ubuntu:
  Fix Released

Bug description:
  We don't appear to enable IPv6 privacy extensions[1] by default.
  Could we please do so?  Leaking the MAC address of any IPv6 enabled
  device is both undesirable and a regression from IPv4.

  Enabling them appears to be as simple as a sysctl.d file with the
  following in it:

    net.ipv6.conf.all.use_tempaddr = 2
    net.ipv6.conf.default.use_tempaddr = 2

  With those set, I now have 3 IPv6 addresses, one link local, one with
  my MAC address and one without my MAC address.  Although my machine
  will answer to all 3 it will only use the non-MAC address based one
  for outbound traffic.

  [1] http://tools.ietf.org/html/rfc4941

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/841353/+subscriptions
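
Added example (not part of the bug report or of procps): a Python check for which of an interface's IPv6 addresses carry the MAC in their interface identifier, using the modified EUI-64 mapping from RFC 4291, Appendix A. The MAC and the three addresses are constructed sample values mirroring the three-address situation in the bug description; the function names are this example's own.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address = interface identifier


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier derived from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, insert ff:fe in the middle.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]
    return int.from_bytes(iid, "big")


def classify(addr: str, mac: str):
    """Return (scope, embeds_mac) for one address, with or without a /prefix."""
    ip = ipaddress.IPv6Address(addr.split("/")[0])
    scope = "link-local" if ip.is_link_local else "global"
    return scope, (int(ip) & IID_MASK) == eui64_iid(mac)


def mac_exposing(addrs, mac):
    """Non-link-local addresses whose interface identifier reveals the MAC."""
    return [a for a in addrs if classify(a, mac) == ("global", True)]


# Constructed sample: one link-local, one MAC-based, one temporary address,
# all under the 2001:db8::/32 documentation prefix.
SAMPLE_MAC = "52:54:00:12:34:56"
SAMPLE_ADDRS = [
    "fe80::5054:ff:fe12:3456/64",
    "2001:db8:1:2:5054:ff:fe12:3456/64",
    "2001:db8:1:2:9c3b:7a1e:44d0:b6f2/64",
]

if __name__ == "__main__":
    for a in SAMPLE_ADDRS:
        scope, embeds = classify(a, SAMPLE_MAC)
        print(f"{a:40} {scope:10} {'MAC-derived' if embeds else 'no MAC'}")
```

The MAC-based address stays configured after the sysctl is set, so the check is useful for confirming which address appears as the source of outbound connections rather than for expecting an empty result.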



