
Re: broken IPv6 code



On Sun, Dec 31, 2000 at 09:18:18PM +0900, YOSHIFUJI Hideaki / 吉藤英明 wrote:
> 
> On USAGI linux24 kernels, you can bind both ipv6 and ipv4 socket to the
> same port number by CONFIG_IPV6_DOUBLE_BIND option. 
> Its behavior is like KAME's freebsd3's one.  For example, 
> if there's only ipv6-wildcard socket, ipv4 connection will go to ipv6 
> socket.  If there're both of ipv6-wildcard and ipv4-wildcard socket, 
> it will go to ipv4 socket.

 Hmm, if that's the case, then if you only bind to the ipv6-wildcard socket,
another process could bind to the ipv4-wildcard socket on the same port and
intercept the connections you were expecting to receive.  If the port is
>1023, then that is a real security problem.

 Just thought I'd point that out, in case not everybody had thought of this
yet :)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
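
A local self-test for the condition raised in this message, added here as an example and not part of the original thread: it holds a port with an IPv6 wildcard listener, then checks whether the kernel still accepts an IPv4 wildcard bind on the same port. The function name `v4_bind_accepted` is hypothetical, and the use of the standard `IPV6_V6ONLY` socket option to compare dual-stack and IPv6-only listeners is an assumption of this example, not something the thread mentions.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread).
 * Returns 1 if an IPv4 wildcard bind is accepted on a port already held by an
 * IPv6 wildcard listener, 0 if the kernel refuses it, -1 if the test could
 * not run (e.g. no IPv6 support). v6only selects the IPV6_V6ONLY setting. */
int v4_bind_accepted(int v6only)
{
    int result = -1;
    int s6 = socket(AF_INET6, SOCK_STREAM, 0);
    int s4 = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in6 a6;
    struct sockaddr_in a4;
    socklen_t len = sizeof a6;

    memset(&a6, 0, sizeof a6);
    a6.sin6_family = AF_INET6;
    a6.sin6_addr = in6addr_any;          /* [::], port 0 = kernel picks one */
    memset(&a4, 0, sizeof a4);
    a4.sin_family = AF_INET;
    a4.sin_addr.s_addr = htonl(INADDR_ANY);

    if (s6 >= 0 && s4 >= 0 &&
        setsockopt(s6, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof v6only) == 0 &&
        bind(s6, (struct sockaddr *)&a6, sizeof a6) == 0 &&
        listen(s6, 1) == 0 &&
        getsockname(s6, (struct sockaddr *)&a6, &len) == 0) {
        a4.sin_port = a6.sin6_port;      /* same port, already network order */
        result = bind(s4, (struct sockaddr *)&a4, sizeof a4) == 0;
    }
    if (s6 >= 0) close(s6);
    if (s4 >= 0) close(s4);
    return result;
}

int main(void)
{
    printf("dual-stack [::] listener, second 0.0.0.0 bind accepted: %d\n",
           v4_bind_accepted(0));
    printf("IPV6_V6ONLY listener,     second 0.0.0.0 bind accepted: %d\n",
           v4_bind_accepted(1));
    return 0;
}
```

A result of 1 for the dual-stack listener means the host allows the second bind described above, so a service relying on the IPv6 wildcard alone to receive IPv4 traffic should also bind the IPv4 wildcard itself.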


