Re: broken IPv6 code
On Sun, Dec 31, 2000 at 09:18:18PM +0900, YOSHIFUJI Hideaki / ?$B5HF#1QL@?(B wrote:
>
> On USAGI linux24 kernels, you can bind both ipv6 and ipv4 socket to the
> same port number by CONFIG_IPV6_DOUBLE_BIND option.
> Its hehavior is like KAME's freebsd3's one. For example,
> if there's only ipv6-wildcard socket, ipv4 connection will go to ipv6
> socket. If there're both of ipv6-wildcard and ipv4-wildcard socket,
> it will go to ipv4 socket.
Hmm, if that's the case, then if you only bind to the ipv6-wildcard socket,
another process could bind to the ipv4-wildcard socket on the same port and
intercept the connections you were expecting to receive. If the port is
>1023, then that is a real security problem.
Just thought I'd point that out, in case not everybody had thought of this
yet :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: