Hi Petr,

On 31/08/12 20:06, Petr Salinger wrote:
> But we have only two choices
>
> a) allow autoconfiguration and trust the network to provide correct input
> for autoconfiguration

These are only accepted link-locally, and if someone can flood the link layer with bogus rtadv packets they could flood with anything and still cause a DoS. What really matters, I think, is that the system doesn't crash and that _other_ network interfaces still function.

A safe, tunable limit on how many IPs/routes can be configured through this mechanism seems sensible. There was a patch proposed in PR/158726, which implements a _global_ limit. But that still means bogus rtadvs received on one interface could break autoconfiguration on another; a per-interface limit would be the only way to avoid that.

Unless upstream decide on a good way to patch this, we could choose to ignore the issue (as something that must be handled by the sysadmin if the situation arises), or:

> b) disable autoconfiguration and configure interface manually

But if someone is already relying on IPv6 autoconfiguration, changing the default could leave their system inaccessible after a kernel update. IPv6-only networks might also depend on this feature to perform a network install. If it is disabled by default, we ought to provide an easy way to re-enable it.

And this wouldn't really fix anything anyway; if someone needs to enable rtadv on their system they become vulnerable to the same issue again.

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
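The global-versus-per-interface limit argument in the message above, as an added illustration that is not code from this thread or from any kernel: a small Python model of a host accepting router-advertised prefixes under each policy. `Host`, `on_rtadv`, `simulate`, the interface names and the prefixes are all constructed for the example.

```python
# Constructed model of two limit policies for rtadv-configured prefixes:
# a single global cap versus a cap applied per interface.
from dataclasses import dataclass, field


@dataclass
class Host:
    policy: str                 # "global" or "per-interface"
    limit: int                  # max autoconfigured prefixes allowed
    addrs: dict = field(default_factory=dict)   # iface -> [prefix, ...]

    def on_rtadv(self, iface: str, prefix: str) -> bool:
        """Handle one advertised prefix arriving on `iface`.
        Returns True if the prefix is configured, False if dropped."""
        per_if = self.addrs.setdefault(iface, [])
        if prefix in per_if:
            return True         # refresh of a known prefix, no new allocation
        if self.policy == "global":
            total = sum(len(v) for v in self.addrs.values())
            if total >= self.limit:
                return False    # budget exhausted, whichever interface used it
        elif len(per_if) >= self.limit:
            return False        # only this interface's budget is exhausted
        per_if.append(prefix)
        return True


def simulate(policy: str, limit: int = 8, flood: int = 1000):
    """Flood eth0 with distinct bogus prefixes, then let a legitimate
    router advertise on eth1. Returns (eth1_ok, eth0_count, eth1_count)."""
    host = Host(policy, limit)
    for i in range(flood):                      # constructed bogus prefixes
        host.on_rtadv("eth0", f"2001:db8:{i:x}::/64")
    eth1_ok = host.on_rtadv("eth1", "2001:db8:ffff::/64")
    return eth1_ok, len(host.addrs["eth0"]), len(host.addrs.get("eth1", []))


if __name__ == "__main__":
    # With a global cap, the flood on eth0 starves eth1; with a
    # per-interface cap, eth1 still autoconfigures.
    print("global:       ", simulate("global"))         # (False, 8, 0)
    print("per-interface:", simulate("per-interface"))  # (True, 8, 1)
```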