slaacd + Thread networks = log spam

2024-02-03 Thread Stefan R. Filipek
For some time, my /var/log/messages has been filled with entries like:
Dec 31 14:03:58 odin slaacd[56869]: last solicitation less then 4 seconds ago
Dec 31 14:04:08 odin last message repeated 2 times
Dec 31 15:50:07 odin slaacd[56869]: last solicitation less then 4 seconds ago
Dec 31 15:50:17 odin

Re: relayd: "listen on egress" only listens to IPv4 and not IPv6

2024-02-03 Thread Stefan R. Filipek
Hi all, Reviving a really old thread, but this problem still exists in 7.4 and is impacting my use case as well. However, I can confirm that this patch does fix the issue. An additional "struct keyname *name;" was required in the function, but otherwise it works as-is. Best, Stefan On Tue, S

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
(proposed behavior). The best course of action may be to fix the router configuration instead, in which a software change to slaacd isn't necessary. On Sun, Nov 20, 2022 at 6:27 PM Theo de Raadt wrote: > > Stefan R. Filipek wrote: > > > > they could change the mtu on an interfa

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
gain your message is "i am only concerned with the mtu change in > > this one program". > > > > yes, missing the mtu change could matter, but I am really sceptical of > > that risk, compared to the next-level tradeoff you proposed. > > > > Stefan R. Filipek

Re: slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
> you've failed to ask the two required questions
They were implied (with the security-minded audience in mind). I chose brevity.
> If one of them gets subverted, what danger can it cause?
This question matters the most, and the answer really determines if we even care about the first implied qu

slaacd, MTUs, and pledge

2022-11-20 Thread Stefan R. Filipek
My router advertises its MTU over ICMPv6 router advertisements. It's somewhat large (9216), and exceeds the hardware capabilities of my OpenBSD system's rge interface (9194). This results in a bunch of noisy log messages of:
> slaacd[...]: failed to set MTU: Invalid argument
And the obvious outco

Re: single user question

2019-05-15 Thread Stefan R. Filipek
If you have not already, be sure to read the 1975 paper "The Protection of Information in Computer Systems" by Saltzer et al., at least through section 1 A, for an introduction to computer security.

SSH "Honey Keys" Security

2019-05-08 Thread Stefan R. Filipek
There's a blog post going around that has an interesting use of SSH authorized_keys restrict + command: https://kulinacs.com/ssh-honey-keys/ If you don't want to follow the link, it basically uses the well-documented authorized_keys feature to restrict a login for an ssh key to invoking a single b