advocatux <advoca...@gmail.com> writes: > Yep, I know I can add "ipv6.disable=1" in /boot/grub/menu.lst but this > method doesn't work always, it depends on which 2.6.30 kernel version > you're running.
It works with the 2.6.30 kernel in Debian. I'm no DD but I believe that is about as much as you can expect Debian to support... >>> Yeah, just like having IPv4 enabled by default. Given the number of >>> attacks, I would say that IPv4 is much more dangerous and should be >>> disabled immediately by any sane administrator :-) >> >> triple *lol* ;) > > Certainly that mockery doesn't fit with Debian community spirit, does > it? and for sure doesn't help to fill bug reports. I put the smiley there for a reason. I apologize if my comment hurt you in any way. I'm sure the kernel team found your bug report very useful even if it was closed. It does help documenting the potential problems users may face, and will serve as help to others having the same question as you. > People analizing this bug in Ubuntu Bug System > (https://bugs.launchpad.net/bugs/351656) changed the status from > security vulnerability "no" to "yes", and that's because an initial > machine running other kernel, with IPv4 traffic filtered and IPv6 > disabled, after install a 2.6.30 kernel ends with unfiltered ports > listening to IPv6 traffic. Well, AFAIK there is no change to a default Debian installation. IPv6 is enabled by default both in 2.6.26 and 2.6.30 and there are no iptables or ip6tables rules installed. Something could of course have checked on upgrade whether the admin chose to blacklist the ipv6 module and warn that this has no effect anymore, but personally I don't see the need. If you do, I'm pretty sure that patches are welcome as usual. For the record: Unfiltered ports are not a security problem. Network protocol support is not a security problem. Debian is as secure with IPv6 enabled as it is with IPv4 enabled. If you think otherwise, then I suggest you demonstrate the attack and file appropriate bugs against the packages with the real security problem. Security in Linux is not based on the kernel preventing application abuse by disabling any useful feature. Bjørn -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org