I've received a report from a user about an error in the security handbook. The details are below:
> > On page:
> > <http://www.gentoo.org/doc/en/security/security-handbook.xml?full=1>
> > it is suggested to set secure_redirects to 0:
> > # /bin/echo "0" > /proc/sys/net/ipv4/conf/all/secure_redirects
> > Both IBM and Oskar Andreasson (FrozenTux) disagree:
> > IBM's Linux Performance and Tuning Guidelines:
> > These commands configure the server to ignore redirects from
> > machines that are listed as gateways. Redirect can be used to
> > perform attacks, so we only want to allow them from trusted
> > sources:
> > sysctl -w net.ipv4.conf.eth0.secure_redirects=1
> > <www.redbooks.ibm.com/redpapers/pdfs/redp3862.pdf>
> > Andreasson:
> > 3.5.11. secure_redirects
> > This variable turns on secure redirects. If it is turned off, the
> > Linux kernel will accept ICMP redirects from any host, anywhere.
> > However, if it is turned on, ICMP redirects will only be accepted
> > from gateways listed in the default gateway list. This way we can
> > get rid of most illegal redirects that can be used to log your
> > traffic and grab sensitive data, such as passwords etcetera.
> > The secure_redirects variable takes a boolean value and is per
> > default turned on. It may both be turned on or turned off. Note
> > that this variable is overridden by the shared_media variable, so
> > to turn this one on, you must turn on shared_media as well.
> > sysctl -w net.ipv4.conf.lo.secure_redirects=1
> > <ipsysctl-tutorial.frozentux.net/chunkyhtml/theconfvariables.html>
> > These seem to me like fairly reliable sources and their
> > explanations make sense.
> > What do you say?
Agreed, but the line before we already disable redirects altogether so I think it is better to remove the secure_redirects, or mention it separately.
secure_redirect stuff removed (well, this is a one liner ;-)
Thanks for reporting.