Re: Bug#684072: CVE-2011-2393: ICMPv6 Router Announcement flooding DoS
Hi Petr,
On 31/08/12 20:06, Petr Salinger wrote:
> But we have only two choices
>
> a) allow autoconfiguration and trust the network to provide correct input
> for autoconfiguration
These are only accepted link-locally, and if someone can flood the link
layer with bogus rtadv packets they could flood with anything and still
cause a DoS. What really matters, I think, is that the system doesn't
crash and that _other_ network interfaces still function.
A safe, tunable limit on how many IPs/routes can be configured through
this mechanism seems sensible.
There was a patch proposed in PR/158726, which implements a _global_
limit. But that still means bogus rtadv's received on one interface
could break autoconfiguration on another; a per-interface limit would
be the only way to avoid that.
Unless upstream decide on a good way to patch this, we could choose to
ignore the issue (as something that must be handled by the sysadmin if
the situation arises), or:
> b) disable autoconfiguration and configure interface manually
But if someone is already relying on IPv6 autoconfiguration, changing
the default could leave their system inaccessible after a kernel update.
IPv6-only networks might also depend on this feature to perform a
network install. If it is disabled by default, we ought to provide an
easy way to re-enable it.
And this wouldn't really fix anything anyway; if someone needs to
enable rtadv on their system they become vulnerable to the same issue again.
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Reply to: