implement some kernel network security features

Bug #55850 reported by John Moser on 2006-08-10
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
procps (Ubuntu)
Wishlist
Kees Cook
Nominated for Dapper by Robert Bifarella
Nominated for Hardy by Robert Bifarella
Nominated for Jaunty by Robert Bifarella
Nominated for Karmic by Robert Bifarella
Nominated for Lucid by Robert Bifarella
Nominated for Maverick by Robert Bifarella

Bug Description

Bug created to link to specification:

https://launchpad.net/distros/ubuntu/+spec/improved-networking-security-kernel

This bug serves to house a patch I diffed out.

John Moser (nigelenki) wrote :

here is a patch to /etc/sysctl with loads of commentary.

towsonu2003 (towsonu2003) wrote :

sorry for my ignorance, but which package is the patch for? if kernel (looks like so), which version? dapper / edgy / st. before dapper? thanks (asking for triaging)

John Moser (nigelenki) wrote :

bluefox@icebox:~$ dpkg -S /etc/sysctl.conf
procps: /etc/sysctl.conf

procps, methinks. The target is some time after Edgy, and apparently the spec is now networking-security-sysctls.

'net.ipv4.conf.all.accept_redirects=0' has been disputed; the perceived problem seems to be that some bad infrastructure (two routers plugged into a switch hosting a network segment) will suffer excessive network traffic between the routers without redirects; and the threat of spoofing redirects (READ: NO AUTHENTICATION HERE) is outweighed by the threat of Ubuntu causing extra traffic because network administrators don't know how to enable this feature.

Anthony S (aaaantoine) wrote :

This was reported/submitted over a year ago. Has the patch been implemented yet? Is it still relevant?

Anthony S (aaaantoine) wrote :

Specification link is broken. No updates since October 2006. I'm closing this.

Changed in procps:
status: New → Invalid
John Moser (nigelenki) wrote :
Changed in procps:
status: Invalid → New
Daniel T Chen (crimsun) on 2008-08-24
Changed in procps:
importance: Undecided → Wishlist
status: New → Triaged
Bryce Harrington (bryce) on 2011-06-07
Changed in procps (Ubuntu):
assignee: nobody → Kees Cook (kees)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers