
Bug#560238: tech-ctte: Default value for net.ipv6.bindv6only sysctl

On Sun, Jun 13, 2010 at 13:24:39 +0200, Guus Sliepen wrote:

> net.ipv6.bindv6only = 1
> -----------------------
> * This restricts IPv6 addresses to IPv6 sockets, and IPv4 addresses to IPv4
>   sockets, making interpretation of addresses unambiguous, and hence increases
>   security of programs.
> * This requires some applications to be adapted to support multiple sockets.

The most likely way applications are going to be adapted is to use
setsockopt to set IPV6_V6ONLY to 0, not to support multiple sockets...

> * This value reduces security bugs, but introduces new bugs since some
>   applications no longer work as expected.

... in which case those (hypothetical) security bugs aren't reduced.

> * Setting this value now will get more bugs fixed before the next release.

I'm unconvinced.
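
The per-socket setting discussed in this message, as an added example that is not part of the original mail: a listener that sets IPV6_V6ONLY explicitly, so its behaviour does not depend on the net.ipv6.bindv6only default, plus a check that reduces IPv4-mapped peer addresses to one canonical form. The function names open_listener, get_v6only and peer_ipv4_from_mapped are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a TCP listener on [::]:port with IPV6_V6ONLY set explicitly, so the
 * behaviour does not depend on the net.ipv6.bindv6only default.
 * v6only = 0: one socket also accepts IPv4 (peers appear as ::ffff:a.b.c.d).
 * v6only = 1: IPv6 only; IPv4 needs a second AF_INET socket.
 * Returns the fd, or -1 on error. */
int open_listener(unsigned short port, int v6only)
{
    struct sockaddr_in6 sa;
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin6_family = AF_INET6;
    sa.sin6_addr = in6addr_any;
    sa.sin6_port = htons(port);
    /* The option must be set before bind(). */
    if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof v6only) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read back the effective IPV6_V6ONLY value of a socket, or -1 on error. */
int get_v6only(int fd)
{
    int v = -1;
    socklen_t len = sizeof v;
    if (getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v, &len) < 0)
        return -1;
    return v;
}

/* Normalise a peer address from a dual-stack socket: if it is IPv4-mapped
 * (::ffff:a.b.c.d), write the embedded IPv4 address to *out and return 1,
 * so ACLs and logs compare one canonical form. Returns 0 for native IPv6. */
int peer_ipv4_from_mapped(const struct sockaddr_in6 *peer, struct in_addr *out)
{
    if (!IN6_IS_ADDR_V4MAPPED(&peer->sin6_addr))
        return 0;
    memcpy(out, &peer->sin6_addr.s6_addr[12], sizeof *out);
    return 1;
}
```
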

