#779977 Does not seem to honor IPV6 privacy setting for wired connection

Package:
network-manager
Source:
network-manager
Description:
network management framework (daemon and userspace tools)
Submitter:
Michael Meskes
Date:
2015-03-14 14:39:14 UTC
Severity:
important
#779977#5
Date:
2015-03-07 11:10:43 UTC
From:
To:
System is set up to use privacy extension on all devices and even on the
already existing eth0, but when I connect the cable and NM sets up the link,
the parameter in /proc/sys/net/ipv6/conf/eth0/use_tempaddr switches from 2 to
0.

Am I missing something?

If not I wonder if this should get a higher severity as it leaks data that is
not supposed to make it out.

Michael

#779977#10
Date:
2015-03-07 11:25:59 UTC
From:
To:
On 07.03.2015 at 12:10, Michael Meskes wrote:

Can you check the connection file in
/etc/NetworkManager/system-connections/<connection>

In section [ipv6], is the following set?
ip6-privacy=2

#779977#15
Date:
2015-03-07 11:59:06 UTC
From:
To:
There is no such file. All my wireless connections have one, but not the
wired connection it seems.

Michael

#779977#20
Date:
2015-03-14 10:00:30 UTC
From:
To:
Any idea how to proceed? Also I wonder what your take on the severity is. Given that private information is leaked I wonder if we should increase to RC.

Michael

#779977#25
Date:
2015-03-14 13:48:36 UTC
From:
To:
On 14.03.2015 at 11:00, Michael Meskes wrote:

No, I don't think this is RC as long as we don't know more about this.

Can you run "grep ip6-privacy /etc/NetworkManager/system-connections/*"
and "grep ethernet /etc/NetworkManager/system-connections/*"

If you check with nm-connection-editor, do you have an entry under
Ethernet like "Kabelgebundene Verbindung 1"?
If so, switch to the IPv6 tab and make a screenshot.

Michael

#779977#30
Date:
2015-03-14 14:28:38 UTC
From:
To:
Fair enough. And with the discoveries mentioned below I do agree.

Shows my wifi connections with the correct entries.

Empty

Yes.

I switched privacy on in that tab and *now* I do have a connection file
and can configure the privacy extension accordingly and after restarting
NM temporary IPs are used.

So why doesn't NM create the connection file earlier?

Michael

#779977#35
Date:
2015-03-14 14:36:26 UTC
From:
To:
On 14.03.2015 at 15:28, Michael Meskes wrote:

That's an auto-created, in-memory profile with the default settings in
case you don't have a matching connection file. As long as you don't
change any of the defaults, no physical file is created on disk.

We could argue that changing the default for ip6-privacy is probably
sensible nowadays, I'm just a bit worried to do this that late in the
jessie release cycle, since there might be side effects.

Dan, what are your thoughts on this?

Michael
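
An added example, not part of the bug thread or of NetworkManager: a shell audit for the situation described above, where a wired link without an on-disk profile ends up with use_tempaddr at 0. The function names are hypothetical, and it assumes the keyfile layout discussed in the thread (`type=` under `[connection]`, `ip6-privacy=` under `[ipv6]`); both directories are parameters so the check can be pointed at a copy of the tree.

```shell
#!/bin/sh
# Added example. Usage on a live system:
#   check_tempaddr; list_profiles; has_wired_profile || echo "no wired profile"

# Print "<iface> <value>" for every interface whose use_tempaddr is not 2
# (2 = temporary addresses enabled and preferred). Returns 1 if any is found.
check_tempaddr() {
    proc_root=${1:-/proc/sys/net/ipv6/conf}
    rc=0
    for f in "$proc_root"/*/use_tempaddr; do
        [ -r "$f" ] || continue
        iface=$(basename "$(dirname "$f")")
        [ "$iface" = "lo" ] && continue      # loopback never leaves the host
        val=$(cat "$f")
        if [ "$val" != "2" ]; then
            echo "$iface $val"
            rc=1
        fi
    done
    return $rc
}

# Print "<type> <ip6-privacy or unset> <file name>" for each connection file.
# The file name comes last because profile names may contain spaces.
list_profiles() {
    conn_dir=${1:-/etc/NetworkManager/system-connections}
    for f in "$conn_dir"/*; do
        [ -f "$f" ] || continue
        awk -v name="$(basename "$f")" '
            /^\[/ { sec = $0 }
            sec == "[connection]" && /^type=/ { sub(/^type=/, ""); type = $0 }
            sec == "[ipv6]" && /^ip6-privacy=/ { sub(/^ip6-privacy=/, ""); priv = $0 }
            END { print (type ? type : "unknown"), (priv != "" ? priv : "unset"), name }
        ' "$f"
    done
}

# Succeeds only if an on-disk profile of an ethernet type exists. If it fails,
# a wired link gets the auto-created in-memory profile with default settings.
has_wired_profile() {
    list_profiles "$1" | awk '$1 ~ /ethernet/ { found = 1 } END { exit !found }'
}
```

A non-empty result from `check_tempaddr` together with a failing `has_wired_profile` matches the case reported in this bug.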