Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl



On Sun, Jun 13, 2010 at 13:24:39 +0200, Guus Sliepen wrote:

> net.ipv6.bindv6only = 1
> -----------------------
> 
> * This restricts IPv6 addresses to IPv6 sockets, and IPv4 addresses to IPv4
>   sockets, making interpretation of addresses unambiguous, and hence increases
>   security of programs.
> 
> * This requires some applications to be adapted to support multiple sockets.
> 
The most likely way applications are going to be adapted is to use
setsockopt to set IPV6_V6ONLY to 0, not to support multiple sockets...

[...]
> * This value reduces security bugs, but introduces new bugs since some
>   applications no longer work as expected.
> 
... in which case those (hypothetical) security bugs aren't reduced.

[...]
> * Setting this value now will get more bugs fixed before the next release.

I'm unconvinced.

Cheers,
Julien
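
An added example, not part of the original message: the adaptation the reply predicts (an application explicitly setting IPV6_V6ONLY to 0 regardless of the sysctl default), together with the unmapping step needed so that the resulting ::ffff:a.b.c.d peer addresses are interpreted unambiguously. The function names and the 192.0.2.10 sample address are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open an IPv6 TCP socket with IPV6_V6ONLY forced to `v6only` (0 or 1), so the
 * result does not depend on the net.ipv6.bindv6only default. -1 on error. */
int make_v6_socket(int v6only)
{
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd >= 0 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY,
                              &v6only, sizeof v6only) < 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Read back the effective IPV6_V6ONLY value of a socket; -1 on error. */
int get_v6only(int fd)
{
    int val = -1;
    socklen_t len = sizeof val;
    return getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &val, &len) < 0 ? -1 : val;
}

/* With IPV6_V6ONLY=0 an IPv4 peer is reported as ::ffff:a.b.c.d. Unmap it
 * before ACL checks or logging so IPv4 rules still match.
 * Returns AF_INET or AF_INET6 (the real family), or 0 on error. */
int canonical_peer(const struct sockaddr_in6 *sa, char *out, socklen_t outlen)
{
    static const unsigned char mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
    const unsigned char *a = sa->sin6_addr.s6_addr;
    if (memcmp(a, mapped, sizeof mapped) == 0)
        return inet_ntop(AF_INET, a + 12, out, outlen) ? AF_INET : 0;
    return inet_ntop(AF_INET6, a, out, outlen) ? AF_INET6 : 0;
}

int main(void)
{
    struct sockaddr_in6 peer = { .sin6_family = AF_INET6 };
    char buf[INET6_ADDRSTRLEN] = "";
    int fd = make_v6_socket(0);              /* dual-stack, as in the reply */
    if (fd >= 0) { printf("IPV6_V6ONLY=%d\n", get_v6only(fd)); close(fd); }
    inet_pton(AF_INET6, "::ffff:192.0.2.10", &peer.sin6_addr); /* constructed */
    int fam = canonical_peer(&peer, buf, sizeof buf);
    printf("%s (%s)\n", buf, fam == AF_INET ? "IPv4" : "IPv6");
    return 0;
}
```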
