[Pkg-utopia-maintainers] Bug#968755: network-manager: Privacy settings should again be enabled by default
thefoo
thefoo at foo.fo
Thu Aug 20 23:31:35 BST 2020
Package: network-manager
Version: 1.26.2-1
Severity: important
Tags: ipv6 security patch
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
Dear maintainer,
This is basically a follow-up for bug 622845 from 2013, where people wanted IPv6 privacy extensions enabled by default for desktops/laptops but not for servers, and the "solution" was to rely on network-manager doing this because it's often installed on such systems.
It also obsoletes bug 668462.
Problem is, for a long time now the behaviour of NM is different than in 2013.
It allows setting "ip6-privacy" per connection, which works and is mirrored to the connection's sysctl use_tempaddr too (on connecting).
If that setting is not set or -1 in the connection config file, it searches global configs in /etc/NetworkManager.
If it's still not there, it finally reads from /proc/sys/net/ipv6/conf/default/use_tempaddr which is default 0 in Debian (for server use cases).
Therefore, effectively, using NM does NOT use privacy extensions by default, for years now.
Please change /etc/NetworkManager/NetworkManager.conf or add some file in /etc/NetworkManager/conf.d/ in Debian packets, where
ip6-privacy=2
is set, so that average non-server users finally are better protected against tracking again.
Thank you
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.7.0-2-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages network-manager depends on:
ii adduser 3.118
ii dbus 1.12.20-1
ii libaudit1 1:2.8.5-3+b1
ii libbluetooth3 5.50-1.2
ii libc6 2.30-4
ii libcurl3-gnutls 7.68.0-1+b1
ii libglib2.0-0 2.64.4-1
ii libgnutls30 3.6.14-2+b1
ii libjansson4 2.13.1-1
ii libmm-glib0 1.14.0-0.1
ii libndp0 1.6-1+b1
ii libnewt0.52 0.52.21-4+b1
ii libnm0 1.26.2-1
ii libpam-systemd 246.2-1
ii libpsl5 0.21.0-1.1
ii libreadline8 8.0-4
ii libselinux1 3.1-2
ii libsystemd0 246.2-1
ii libteamdctl0 1.30-1
ii libudev1 246.2-1
ii libuuid1 2.36-2
ii policykit-1 0.105-29
ii udev 246.2-1
ii wpasupplicant 2:2.9.0-13
Versions of packages network-manager recommends:
ii crda 4.14+git20191112.9856751-1
ii dnsmasq-base [dnsmasq-base] 2.82-1
ii iptables 1.8.5-2
ii modemmanager 1.14.0-0.1
ii ppp 2.4.7-2+4.1+deb10u1
Versions of packages network-manager suggests:
ii isc-dhcp-client 4.4.1-2.1+b2
pn libteam-utils <none>
-- no debconf information
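
The lookup order described in the report (connection profile, then global config under /etc/NetworkManager, then the kernel default sysctl), as an added example that is not part of the original message and is not NetworkManager's own code. It assumes the keyfile names `[ipv6] ip6-privacy` for a profile and `[connection] ipv6.ip6-privacy` for the global default, simplifies precedence to "conf.d overrides the main file", and uses constructed file names (`home-wifi.nmconnection`, `ip6-privacy.conf`) and contents.

```python
import configparser
import tempfile
from pathlib import Path


def _lookup(files, section, key):
    """Value of section/key from the last file that sets it, else None."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read([str(f) for f in files])  # missing files are skipped
    return cp.get(section, key, fallback=None)


def effective_ip6_privacy(profile, nm_dir, sysctl_file):
    """Return (value, source) following the lookup order from the report."""
    nm_dir = Path(nm_dir)
    # 1. Per-connection value; unset or -1 falls through.
    val = _lookup([profile], "ipv6", "ip6-privacy")
    if val is not None and val.strip() != "-1":
        return int(val), "connection profile"
    # 2. Global default (assumed: [connection] section, conf.d overrides main file).
    files = [nm_dir / "NetworkManager.conf", *sorted((nm_dir / "conf.d").glob("*.conf"))]
    val = _lookup(files, "connection", "ipv6.ip6-privacy")
    if val is not None and val.strip() != "-1":
        return int(val), "global config"
    # 3. Kernel default (use_tempaddr), which the report says is 0 on Debian.
    return int(Path(sysctl_file).read_text().strip()), "kernel default"


def build_sample(root, profile=None, dropin=None, sysctl="0"):
    """Write a constructed config tree under root; return the three paths."""
    root = Path(root)
    (root / "conf.d").mkdir(parents=True, exist_ok=True)
    (root / "NetworkManager.conf").write_text("[main]\nplugins=ifupdown,keyfile\n")
    prof = root / "home-wifi.nmconnection"
    prof.write_text("[connection]\nid=home-wifi\n\n[ipv6]\nmethod=auto\n"
                    + (f"ip6-privacy={profile}\n" if profile is not None else ""))
    if dropin is not None:
        (root / "conf.d" / "ip6-privacy.conf").write_text(
            f"[connection]\nipv6.ip6-privacy={dropin}\n")
    sysctl_file = root / "use_tempaddr"
    sysctl_file.write_text(sysctl + "\n")
    return prof, root, sysctl_file


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(effective_ip6_privacy(*build_sample(tmp)))            # no NM setting at all
        print(effective_ip6_privacy(*build_sample(tmp, dropin=2)))  # drop-in as requested
```

On a real system the three arguments would be a profile under /etc/NetworkManager/system-connections/, the directory /etc/NetworkManager, and /proc/sys/net/ipv6/conf/default/use_tempaddr.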