Bug#556967: closed by Ben Hutchings b...@decadent.org.uk (Re: Bug#556967: IPv6 is not compiled as module)

2009-11-19 Thread Klaus Ethgen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mi den 18. Nov 2009 um 21:33 schrieb Debian Bug Tracking System:
 Date: Wed, 18 Nov 2009 20:26:34 +
 From: Ben Hutchings b...@decadent.org.uk
[...]
  Maybe the Severity is to low rated as that is a security bug!
  
  The IPv6 support is not compiled as module than fix in the kernel. So
  there is no way to switch IPv6 off.
 [...]
 
 This is not true.  You can add ipv6.disable=1 to the command line.

Ok, then there is a workaround, thanks.

But the bug is not solved as there is no reason to compile ipv6
integrated in the kernel. More over the ipv6.disable is not documented.
man bootparam do not show it, grep -ri ipv6
/usr/src/linux-*/Documentation give no hint and I did not found it
anywhere. I also did try grep -r module_param_named /usr/src/linux/net
but it is not found that way too. On the other hand, if ipv6 is compiled
as module it is pretty easy to switch it off.

Regards
   Klaus
- -- 
Klaus Ethgenhttp://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iQEUAwUBSwUKvp+OKpjRpO3lAQrsAQf2JamYZPGUULYVMHiG/YwBh/RHT7rSis/S
zoo79mMQTAct+C45T/naWCt+O+ohIxW/l6zJC+Czhye+H48wx+/i+evs6kJB/Dko
AP/EWUJx7vOmIHGOrrcVWdMZBggwau/5Qtsty4Za6jAn02mSyd5RPte9J0CVs+WH
9cQdwFe5K7/5bHU5w9mBZkQQRwe9gn9gzYtrATcEJdazJ0VguxdS5x+Rz76WzMzt
3uUpBOMbuRsvjki2RO2SwWxLDPR2T74Cqyf/IlsTxSW1YWlZA6gYcd7ruEXSD8+1
xcx11HQIaMZyzaIqoMSyyoArNeAqFaqoU+8Y9RC2ON+MpytuiXtx
=+WW6
-END PGP SIGNATURE-



-- 
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#556967: closed by Ben Hutchings b...@decadent.org.uk (Re: Bug#556967: IPv6 is not compiled as module)

2009-11-19 Thread Ben Hutchings 
On Thu, 2009-11-19 at 10:07 +0100, Klaus Ethgen wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512
 
 Am Mi den 18. Nov 2009 um 21:33 schrieb Debian Bug Tracking System:
  Date: Wed, 18 Nov 2009 20:26:34 +
  From: Ben Hutchings b...@decadent.org.uk
 [...]
   Maybe the Severity is to low rated as that is a security bug!
   
   The IPv6 support is not compiled as module than fix in the kernel. So
   there is no way to switch IPv6 off.
  [...]
  
  This is not true.  You can add ipv6.disable=1 to the command line.
 
 Ok, then there is a workaround, thanks.
 
 But the bug is not solved as there is no reason to compile ipv6
 integrated in the kernel. More over the ipv6.disable is not documented.
[...]

It's documented as a module parameter in
Documentation/networking/ipv6.txt.  When modular code is built-in, its
module parameters become kernel command line parameters.

Ben.

-- 
Ben Hutchings
Beware of bugs in the above code;
I have only proved it correct, not tried it. - Donald Knuth


signature.asc
Description: This is a digitally signed message part

Bug#556967: closed by Ben Hutchings b...@decadent.org.uk (Re: Bug#556967: IPv6 is not compiled as module)

2009-11-19 Thread Klaus Ethgen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Do den 19. Nov 2009 um 13:37 schrieb Ben Hutchings:
  integrated in the kernel. More over the ipv6.disable is not documented.
 [...]
 
 It's documented as a module parameter in
 Documentation/networking/ipv6.txt.

Hmmm... That file is not found. I searched up to version 2.6.28.10.

This file was first inserted to the kernel with version 2.6.29.

 When modular code is built-in, its module parameters become kernel
 command line parameters.

Thats clear.

Gruß
   Klaus
- -- 
Klaus Ethgenhttp://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen kl...@ethgen.de
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (GNU/Linux)

iQEVAwUBSwVEup+OKpjRpO3lAQoWEwf/cvhdLQkfwCFqS6H4XCYhRlU1swZKhEUY
ihsWdPV/KxLcpIGwVxk3WfHw9ZfnIWaAAYSp31rdxQfFzUuh/szxNpkEWPb5M2PM
fItoquhiN3AHe9AKxQ5Vnzc9ldDleloIdB6NnhPVlE8V7CBKiJL5vnPOsMVfB8V+
WrZSXOsiKc1Hu8+5Z5DpiQ3+KImckO8rTVTVixLg19qjl87S1SgM95m8IgQ2PkHO
x02eI2U9vvULR1PXSg9khhVMYkVJThSzO4I8Hr0GzmXkcuO1h2CqEZofBp99y/KD
XBbROtFiJs0EXYhGs1CwY2Q0iClaNl2Gdebnvu/iobGaeFIGiBFxxg==
=Glpl
-END PGP SIGNATURE-



-- 
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#556967: IPv6 is not compiled as module

2009-11-18 Thread Klaus Ethgen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Package: linux-2.6
Version: 2.6.31-2
Severity: important

Maybe the Severity is to low rated as that is a security bug!

The IPv6 support is not compiled as module than fix in the kernel. So
there is no way to switch IPv6 off. That might leeds in security
violation as it might be overlooked so there might be no security
setting on IPv6 at all and the machine open for all.

So please drow away that protocol (put it as module as it was before)
and let the admin decide to use it or not!

- -- Package-specific info:
** Version:
Linux version 2.6.31-1-686 (Debian 2.6.31-2) (b...@decadent.org.uk) (gcc 
version 4.3.4 (Debian 4.3.4-6) ) #1 SMP Sun Nov 15 20:39:33 UTC 2009

** Command line:
root=LABEL=root ro vga=0x318

** Not tainted

** Kernel log:
[5.978943] input: PC Speaker as /devices/platform/pcspkr/input/input4
[5.994955] ACPI: CPU1 (power states: C1[C1] C2[C2] C3[C3])
[6.006490] processor LNXCPU:01: registered as cooling_device1
[6.018120] ACPI: Processor [CPU1] (supports 8 throttling states)
[6.104231] ACPI: Battery Slot [BAT0] (battery present)
[6.122269] thinkpad_acpi: ThinkPad ACPI Extras v0.23
[6.133779] thinkpad_acpi: http://ibm-acpi.sf.net/
[6.144855] thinkpad_acpi: ThinkPad BIOS 7NETB3WW (2.13 ), EC 7MHT25WW-1.03
[6.155749] thinkpad_acpi: Lenovo ThinkPad X61s, model 7669A26
[6.181010] thinkpad_acpi: radio switch found; radios are disabled
[6.183203] yenta_cardbus :05:00.0: CardBus bridge found [17aa:20c6]
[6.203029] thinkpad_acpi: This ThinkPad has standard ACPI backlight 
brightness control, supported by the ACPI video driver
[6.213862] thinkpad_acpi: Disabling thinkpad-acpi brightness events by 
default...
[6.249016] Registered led device: tpacpi::thinklight
[6.274330] Registered led device: tpacpi::power
[6.286531] i801_smbus :00:1f.3: PCI INT A - GSI 23 (level, low) - IRQ 
23
[6.297745] Registered led device: tpacpi::standby
[6.308843] Registered led device: tpacpi::thinkvantage
[6.309726] yenta_cardbus :05:00.0: ISA IRQ mask 0x0890, PCI irq 16
[6.309733] yenta_cardbus :05:00.0: Socket status: 3006
[6.309739] yenta_cardbus :05:00.0: pcmcia: parent PCI bridge I/O 
window: 0x4000 - 0x7fff
[6.309744] pcmcia_socket pcmcia_socket0: cs: IO port probe 0x4000-0x7fff: 
clean.
[6.310940] yenta_cardbus :05:00.0: pcmcia: parent PCI bridge Memory 
window: 0xd400 - 0xd7ef
[6.310944] yenta_cardbus :05:00.0: pcmcia: parent PCI bridge Memory 
window: 0xd800 - 0xdbff
[6.387943] thinkpad_acpi: Standard ACPI backlight interface available, not 
loading native one.
[6.392210] ath9k :03:00.0: PCI INT A - GSI 17 (level, low) - IRQ 17
[6.392227] ath9k :03:00.0: setting latency timer to 64
[6.411295] input: ThinkPad Extra Buttons as /devices/virtual/input/input5
[6.424846] Error: Driver 'pcspkr' is already registered, aborting...
[6.522672] ath: EEPROM regdomain: 0x62
[6.522676] ath: EEPROM indicates we should expect a direct regpair map
[6.522680] ath: Country alpha2 being used: 00
[6.522682] ath: Regpair used: 0x62
[6.582369] HDA Intel :00:1b.0: PCI INT B - GSI 17 (level, low) - IRQ 
17
[6.593422] hda_intel: probe_mask set to 0x1 for device 17aa:20ac
[6.604747] HDA Intel :00:1b.0: setting latency timer to 64
[6.606854] phy0: Selected rate control algorithm 'ath9k_rate_control'
[6.607593] Registered led device: ath9k-phy0::radio
[6.618999] Registered led device: ath9k-phy0::assoc
[6.630471] Registered led device: ath9k-phy0::tx
[6.641410] Registered led device: ath9k-phy0::rx
[6.656823] phy0: Atheros AR5418 MAC/BB Rev:2 AR5133 RF Rev:81: 
mem=0xf8e2, irq=17
[6.794689] IBM TrackPoint firmware: 0x0e, buttons: 3/3
[6.833625] input: TPPS/2 IBM TrackPoint as 
/devices/platform/i8042/serio1/input/input6
[7.001058] Clocksource tsc unstable (delta = -258205080 ns)
[7.087271] input: HDA Digital PCBeep as 
/devices/pci:00/:00:1b.0/input/input7
[7.725690] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[7.773915] usbcore: registered new interface driver hiddev
[7.784979] usbcore: registered new interface driver usbhid
[7.795825] usbhid: v2.6:USB HID core driver
[8.378983] padlock: VIA PadLock Hash Engine not detected.
[8.741437] XFS mounting filesystem dm-1
[8.905379] Ending clean XFS mount for filesystem: dm-1
[8.996263] XFS mounting filesystem dm-2
[9.179948] Ending clean XFS mount for filesystem: dm-2
[9.231872] XFS mounting filesystem dm-0
[9.361342] Ending clean XFS mount for filesystem: dm-0
[9.425814] Adding 2096472k swap on /dev/mapper/swap0.  Priority:2 extents:1 
across:2096472k 
[9.966734] ip_tables: (C) 2000-2006 Netfilter Core Team
[   10.199371] nf_conntrack version 0.5.0 (15979 buckets, 63916 max)
[   10.210434] CONFIG_NF_CT_ACCT is deprecated and will