--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: sysctl.conf: IPv6 accept_redirect not honored
- From: Testinstall <testinstall@testinstall.com>
- Date: Thu, 20 Aug 2020 16:08:37 +0200
- Message-id: <159793251775.2754.6997837073924676700.reportbug@a>
Package: procps
Version: 2:3.3.15-2
Severity: important
Tags: ipv6 security
Dear maintainers,
on a fresh Debian stable (or sid) install, with a PC with one or more (wired) LAN interfaces, I can see the following behaviour:
a) In /etc/sysctl.conf, set
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
b) Reboot
c) Check the values in /proc - some interfaces are still 1 (some real interfaces, not just loopback).
While nowadays it's not a "big" security risk for most people, this still is an undesirable security problem, and might hint at a larger problem around sysctl settings in IPv6.
For IPv4, everything seems to work fine (except loopback stays 1 there too, but that's expected I think).
Thank you
-- System Information:
Debian Release: 10.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-10-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages procps depends on:
ii init-system-helpers 1.56+nmu1
ii libc6 2.28-10
ii libncurses6 6.1+20181013-2+deb10u2
ii libncursesw6 6.1+20181013-2+deb10u2
ii libprocps7 2:3.3.15-2
ii libtinfo6 6.1+20181013-2+deb10u2
ii lsb-base 10.2019051400
Versions of packages procps recommends:
pn psmisc <none>
procps suggests no packages.
-- no debconf information
--- End Message ---
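The check from step c) of the report above, as an added shell example that is not part of the original message or of procps: it reads the value configured in /etc/sysctl.conf and lists every entry under /proc/sys/net/ipv6/conf whose accept_redirects differs from it. The function names are hypothetical, and only /etc/sysctl.conf is consulted (files under /etc/sysctl.d are not read).

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical.

# Print the last value assigned to KEY ($2) in a sysctl.conf-style FILE ($1).
# Comment lines (# or ;) are skipped; spaces around "=" are tolerated.
configured_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }' "$1"
}

# Print "name=value" for every directory under ROOT ($1) whose
# accept_redirects differs from WANT ($2). Returns 1 on any mismatch.
# "all", "default" and "lo" are reported like any other entry.
audit_accept_redirects() {
    root="$1"; want="$2"; rc=0
    for f in "$root"/*/accept_redirects; do
        [ -r "$f" ] || continue
        val=$(cat "$f")
        if [ "$val" != "$want" ]; then
            dir=${f%/accept_redirects}
            echo "${dir##*/}=$val"
            rc=1
        fi
    done
    return "$rc"
}

# Live check on the running system, using the paths named in the report.
# Falls back to 0 (the value the report sets) if the key is not configured.
want=$(configured_value /etc/sysctl.conf net.ipv6.conf.all.accept_redirects 2>/dev/null) || true
audit_accept_redirects /proc/sys/net/ipv6/conf "${want:-0}" \
    || echo "accept_redirects differs from configured value on the entries above" >&2
```

Passing /proc/sys/net/ipv4/conf as the first argument gives the IPv4 comparison the report mentions.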
--- Begin Message ---
Hi
This bug was filed for a (very) old kernel or the bug is old itself
without resolution. Maybe it was for a feature enablement which nobody
acted on. We are sorry we were not able to timely deal with this issue.
There are many open bugs for the src:linux package and thus we are
closing older bugs where it's unclear if they still occur in newer
versions and are still relevant to the reporter. For an overview see:
https://bugs.debian.org/src:linux .
If you can reproduce your issue with
- the current version in unstable/testing
- the latest kernel from backports
or, if it was a feature addition/wishlist and you still consider it
relevant, then:
Please reopen the bug, see https://www.debian.org/Bugs/server-control
for details.
Please try to provide as many fresh details as possible, including kernel logs where
relevant. In particular where an issue is coupled with specific hardware we
might ask you to do additional debugging on your side as the owner of the
hardware.
Regards,
Salvatore
--- End Message ---