implement some kernel network security features

Bug #55850 reported by John Moser
This bug affects 1 person
Affects: procps (Ubuntu)
Status: Triaged
Importance: Wishlist
Assigned to: Kees Cook
Milestone: (none)
Nominated for Dapper by Robert Bifarella
Nominated for Hardy by Robert Bifarella
Nominated for Jaunty by Robert Bifarella
Nominated for Karmic by Robert Bifarella
Nominated for Lucid by Robert Bifarella
Nominated for Maverick by Robert Bifarella

Bug Description

Bug created to link to specification:

https://launchpad.net/distros/ubuntu/+spec/improved-networking-security-kernel

This bug serves to house a patch I diffed out.

John Moser (nigelenki) wrote :

Here is a patch to /etc/sysctl with loads of commentary.

towsonu2003 (towsonu2003) wrote :

Sorry for my ignorance, but which package is the patch for? If kernel (looks like so), which version? Dapper / Edgy / st. before Dapper? Thanks (asking for triaging)

John Moser (nigelenki) wrote :

bluefox@icebox:~$ dpkg -S /etc/sysctl.conf
procps: /etc/sysctl.conf

procps, methinks. The target is some time after Edgy, and apparently the spec is now networking-security-sysctls.

'net.ipv4.conf.all.accept_redirects=0' has been disputed; the perceived problem seems to be that some bad infrastructure (two routers plugged into a switch hosting a network segment) will suffer excessive network traffic between the routers without redirects; and the threat of spoofing redirects (READ: NO AUTHENTICATION HERE) is outweighed by the threat of Ubuntu causing extra traffic because network administrators don't know how to enable this feature.
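
An audit of the setting discussed in the comment above, as an added example that is not part of the bug report or its patch. It parses sysctl.conf text and reports which interfaces would still act on ICMP redirects, using the all/interface combination rule from the kernel's ip-sysctl documentation. The sample file, the interface names and the `kernel_default` value are constructed assumptions.

```python
# Added example (not from the bug's patch). SAMPLE_CONF is constructed.
SAMPLE_CONF = """\
# constructed sample: only the 'all' key is hardened
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.eth1.accept_redirects = 0
net.ipv4.ip_forward = 0
"""
PRE = "net.ipv4.conf."

def parse_sysctl(text):
    """Parse sysctl.conf syntax: 'key = value', '#'/';' comments, last entry wins."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # A leading '-' only tells sysctl to ignore errors for that key.
        settings[key.strip().lstrip("-").replace("/", ".")] = value.strip()
    return settings

def accepts_redirects(settings, iface, kernel_default="1"):
    """Effective IPv4 result, following the kernel's ip-sysctl documentation:
    forwarding off -> all OR iface; forwarding on -> all AND iface."""
    all_on = settings.get(PRE + "all.accept_redirects", kernel_default) != "0"
    # Assumption: an interface without its own entry inherits 'default'.
    inherited = settings.get(PRE + "default.accept_redirects", kernel_default)
    if_on = settings.get(PRE + iface + ".accept_redirects", inherited) != "0"
    # Assumption: forwarding is controlled globally by net.ipv4.ip_forward.
    forwarding = settings.get("net.ipv4.ip_forward", "0") != "0"
    return (all_on and if_on) if forwarding else (all_on or if_on)

def audit(text, ifaces):
    """Return the interfaces that would still act on ICMP redirects."""
    settings = parse_sysctl(text)
    return [i for i in ifaces if accepts_redirects(settings, i)]

if __name__ == "__main__":
    for name in audit(SAMPLE_CONF, ["eth0", "eth1"]):
        print(f"{name}: still accepts ICMP redirects")
```

On a non-forwarding host, the sample shows that setting only the `all` key to 0 leaves `eth0` accepting redirects, because the `default` value it inherits is still 1.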

Anthony S (aaaantoine) wrote :

This was reported/submitted over a year ago. Has the patch been implemented yet? Is it still relevant?

Anthony S (aaaantoine) wrote :

Specification link is broken. No updates since October 2006. I'm closing this.

Changed in procps:
status: New → Invalid
John Moser (nigelenki) wrote :
Changed in procps:
status: Invalid → New
Daniel T Chen (crimsun)
Changed in procps:
importance: Undecided → Wishlist
status: New → Triaged
Bryce Harrington (bryce)
Changed in procps (Ubuntu):
assignee: nobody → Kees Cook (kees)