The gist of this bug is that NetworkManager on Fedora 23 and Rawhide
does not have RFC4941 privacy extensions enabled. So the IPv6 address
is predicated on a real MAC address (at least on baremetal) and the
address is not temporary and is never deprecated. This is reported to
have worked correctly on Fedora 22.
Could this be assessed for security impact, in particular as it
relates to Fedora release criteria?
How would this get fixed with an update? Is there a mechanism to sed
the user configuration to change ipv6.ip-privacy to 2? Or is this
something that's likely stuck with a value of -1 for the life of the
release, unless the user manually makes a change?
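
A check for the symptom described in the message above, as an added example that is not part of the original post or of NetworkManager: it tests whether a global IPv6 address carries the interface's MAC in modified EUI-64 form, which is what a host shows when no temporary address is in use. The MAC and the addresses are constructed sample values.

```python
import ipaddress

# Constructed sample data (documentation prefix 2001:db8::/32, made-up MAC).
SAMPLE_MAC = "52:54:00:12:34:56"
SAMPLE_ADDRS = [
    "fe80::5054:ff:fe12:3456/64",           # link-local, EUI-64 form
    "2001:db8:1:2:5054:ff:fe12:3456/64",    # global, EUI-64 form
    "2001:db8:1:2:d1c4:7a0e:93b2:6f18/64",  # global, random interface ID
]

def eui64_iid(mac: str) -> int:
    """Return the 64-bit modified EUI-64 interface identifier for a MAC."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit, then insert ff:fe between the two halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")

def _parse(addr: str) -> ipaddress.IPv6Address:
    """Parse an address as printed by `ip -6 addr` (prefix/scope stripped)."""
    return ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])

def is_mac_derived(addr: str, mac: str) -> bool:
    """True if the low 64 bits of addr are the EUI-64 form of mac."""
    return int(_parse(addr)) & ((1 << 64) - 1) == eui64_iid(mac)

def audit(mac: str, addresses: list) -> list:
    """Return the non-link-local addresses that expose the MAC."""
    exposed = []
    for addr in addresses:
        if _parse(addr).is_link_local:
            continue  # link-local addresses are not routed off the link
        if is_mac_derived(addr, mac):
            exposed.append(addr)
    return exposed

if __name__ == "__main__":
    for addr in audit(SAMPLE_MAC, SAMPLE_ADDRS):
        print("MAC-derived global address:", addr)
```
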

As an ABRT maintainer, I have been asked several times why ABRT does not
crashes of many processes and one kind of reasons dominate among other
processes that executes set-user-ID programs (man 5 core). These
not dumped at all if the value of /proc/sys/fs/suid_dumpable is 0 (man 5
which is the default value. With the default suid_dumpable value, crashes
caused by SIGABRT are not detectable because the kernel doesn't even write a
log message about that.
The default value 0 is there for a good security reason, but I would like to
propose changing the default value to 2 for development Fedora releases
Beta, Rawhide). In this case, the kernel would send the core dump to ABRT (or
systemd-coredump) and the ABRT record would be accessible only to root.
I believe that maintainers of packages like chrony will be really delighted
with this change, while it will not weaken security of Fedora for regular