Oops, my apologies, I did have a senior moment (but not the one I alluded to earlier)--the reference I found to runtime was in the man page for sysctl, not the README.

On Friday, August 12, 2016 10:54:52 AM Greg Wooledge wrote:
> I did some web surfing when this thread was posted, to try to track
> down *which kernel versions* are affected by this TCP security flaw.
> I haven't seen this information posted yet.
>
> http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf says:
> "The feature is outlined in RFC 5961, which is implemented faithfully
> in Linux kernel version 3.6 from late 2012."
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696 says:
> "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly
> determine the rate of challenge ACK segments, which makes it easier
> for man-in-the-middle attackers to hijack TCP sessions via a blind
> in-window attack."
>
> So the flaw appears to be in Linux kernels from 3.6 to 4.6 inclusive,
> which includes Jessie (3.16) but not Wheezy (3.2) or earlier.
> The jessie-backports kernel right now is 4.6, but only for a brief
> time. The last plan I saw was for Stretch to ship with 4.10, which
> should include the fix for this flaw.
>
> Now on to the thread:
>
> On Fri, Aug 12, 2016 at 10:42:36AM -0400, rhkra...@gmail.com wrote:
> > In the README for sysctl on my wheezy system, it says "configure kernel
> > parameters at runtime".
>
> Not on mine.
>
> greg@remote:~$ grep run /etc/sysctl.d/README.sysctl
> greg@remote:~$
>
> > I may be having a senior moment, but, atm, I'm not completely sure what
> > runtime means
>
> "At boot time", I would think. But I don't know where your file actually
> came from, so my guesses about the author's intent might be somewhat off.
>
> README.sysctl is short enough to post in its entirety here, so this is
> what mine says on a wheezy system:
>
> ======================================================================
> Kernel system variables configuration files
>
> Files found under the /etc/sysctl.d directory that end with .conf are
> parsed within sysctl(8) at boot time. If you want to set kernel variables
> you can either edit /etc/sysctl.conf or make a new file.
>
> The filename isn't important, but don't make it a package name as it may
> clash with something the package builder needs later. It must end with
> .conf though.
>
> My personal preference would be for local system settings to go into
> /etc/sysctl.d/local.conf but as long as you follow the rules for the names
> of the file, anything will work. See sysctl.conf(8) man page for details
> of the format.
> ======================================================================