[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)

Launchpad Bug Tracker 176125 at bugs.launchpad.net
Wed Feb 22 00:45:12 UTC 2012 

This bug was fixed in the package network-manager -
0.9.2.0+git201202161854.8572ecf-0ubuntu4

---------------
network-manager (0.9.2.0+git201202161854.8572ecf-0ubuntu4) precise; urgency=low

  [ Gabor Kelemen ]
  * debian/network-manager.upstart: Make NM aware of the locale. (LP: #875017)

  [ Mathieu Trudel-Lapierre ]
  * debian/patches/lp936712_dnsmasq_ip6_ns_ordering.patch: order IPv6
    nameservers before IPv4 ones in dnsmasq config: dnsmasq is able to properly
    deal with broken IPv6 nameservers (or routers). (LP: #936712)
  * debian/control: add Conflicts: connman to network-manager. (LP: #659460)
  * debian/patches/manage-privacy-extensions.patch: set the default for using
    IPv6 Privacy extensions to TRUE; this is just correcting an oversight from
    adapting the upstream patch. (LP: #176125)
 -- Mathieu Trudel-Lapierre <mathieu-tl at ubuntu.com>   Tue, 21 Feb 2012 19:40:35 -0500

** Changed in: network-manager (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/176125

Title:
  Ubuntu should activate the IPv6 privacy extension by default (echo 2
  >/proc/sys/net/ipv6/conf/all/use_tempaddr)

Status in “network-manager” package in Ubuntu:
  Fix Released
Status in “procps” package in Ubuntu:
  Fix Released

Bug description:
  Binary package hint: procps

  Some background information:
  recently "Free ADSL", one of the biggest ISP in France, added IPv6 support possibly exposing 2.5 millions of users to IPv6

  The address are configured automatically and by default linux will build it using the MAC address. However this presents a risk of privacy loss:
  - there is an unique identifier which can be used by website to track the location of a laptop or pda
  - some information about the model of the network card (other information can be probably derived if you know the serial number of the card) is leaked

  The following rfc (http://tools.ietf.org/html/draft-ietf-ipngwg-temp-
  addresses-v2-00) mitigitates this problems by introducing temporary
  addresses to be used by outgoing connection (in addition to the static
  address which can be used for incoming connection and have a dns name
  associated with it).

  To activate it under linux you just need to activate the following in sysctl:
  echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr
  or add "net.ipv6.conf.all.use_tempaddr=2"

  thanks for protecting the privacy of the clueless users by default :)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/176125/+subscriptions

More information about the foundations-bugs mailing list