On Thu, May 13, 2010 at 05:54:04PM +0200, Tollef Fog Heen wrote: > ]] Juliusz Chroboczek > Because it does not handle non-default values. This is just like an > application that didn't handle IFS or PATH being different from its > default value would be buggy. If it absolutely needs a given value, it > should tell the system that. > > | bindv6only=0 is assumed by both POSIX and RFC 3493. > > As the default value, yes. Not as the only possible value. POSIX 1003.1-2008 specifies that IPv4 can be used on AF_INET6 sockets using mapped addresses. Almost as an afterthought, it specifies the behavior of IPV6_V6ONLY and the default value of that option as 0. I have determined that with net.ipv6.bindv6only=1, mapped addresses do not function. Juliusz also points this out. It may be true that software that does not handle all possible cases of net.ipv6.bindv6only is buggy. Nevertheless, the default value is 0. That means the default value of the supposedly-conforming implementation (i.e. Debian). As an implementer of the POSIX interfaces, Debian is obligated to adopt 0 as the default value in order to comply with POSIX, no matter how much we dislike it or think it may be wrong. Another example: it is widely recognized that using gets(3) is a great way to add security bugs to a program and that nobody in their right mind should use it[0]. Nevertheless, for compatibility with C89, C99, POSIX 2001, and POSIX 2008, we provide this function. Even ignoring POSIX compatibility, using net.ipv6.bindv6only=1 breaks things now. It raises the bar for people to implement basic (if buggy) IPv6 support in their packages, which has long been a goal of Debian's (and very soon, a necessity). I have no problem with non-RC bug reports if people want to use net.ipv6.bindv6only=1, as long as that's an administrator's decision and not Debian's. [0] Theoretically, one could use it safely if stdin is redirected to an unnamed pipe also opened by the program. I haven't been able to come up with other secure ways to use it. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature