- Package:
- network-manager
- Source:
- network-manager
- Description:
- network management framework (daemon and userspace tools)
- Submitter:
- Michael Meskes
- Date:
- 2015-03-14 14:39:14 UTC
- Severity:
- important
System is set up to use privacy extension on all devices and even on the already existinf eth0, but when I connect the cable and NM sets up the link, the parameter in /proc/sys/net/ipv6/conf/eth0/use_tempaddr switches from 2 to 0. Am I missing somehing? If not I wonder if this should get a higher severity as it leaks data that is not supposed to make it out. Michael
Am 07.03.2015 um 12:10 schrieb Michael Meskes: Can you check the connection file in /etc/NetworkManager/system-connections/<connection> In section [ipv6], is the following set? ip6-privacy=2
There is no such file. All my wireless connections have one, but not the wired connection it seems. Michael
Any idea how to proceed? Also I wonder what your take on the severity is. Given that private information is leaked I wonder if we should increase to RC. Michael
Am 14.03.2015 um 11:00 schrieb Michael Meskes: No, I don't think this is RC as long as we don't know more about this. Can you run "grep ip6-privacy /etc/NetworkManager/system-connections/*" and "grep ethernet /etc/NetworkManager/system-connections/*" If you check with nm-connection-editor, do you have an entry under Ethernet like "Kabelgebundene Verbindung 1"? If so, switch to the IPv6 tab and make a screenshot. Michael
Fair enough. And with the discoveries mentioned below I do agree. Shows my wifi connections with the correct entries. Empty Yes. I switched privacy on in that tab and *now* I do have a connection file and can configure the privacy extension accordingly and after restarting NM temporary IPs are used. So why doesn't NM create the connection file earlier? Michael
Am 14.03.2015 um 15:28 schrieb Michael Meskes: That's an auto-created, in-memory profile with the default settings in case you don't have a matching connection file. As long as you don't change any of the defaults, no physical file is created on disk. We could argue, that changing the default for ip6-privacy is probably sensible nowadays, I'm just a bit worried to do this that late in the jessie release cycle, since there might be side effects. Dan, what are your thoughts on this? Michael