[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bindv6only once again

Paul Wise writes:

> On Sun, Jun 13, 2010 at 7:00 PM, Michael Poole <mdpoole@troilus.org> wrote:
>> The behavior with net.ipv6.bindv6only=0 is mandated by both POSIX and
>> the governing RFC.  How can you call it a bug for software to expect
>> that behavior?  The true bug is that Debian intentionally violates these
>> standards.  If people decide (as Vincent Bernat suggested) that Debian
>> is a buggy piece of junk because of that, they will be right.
> How many times will this discussion will go round and round in
> circles? I'm getting dizzy.

Probably as many times as it takes for people to give a reasonable
answer for the question I asked.  So far I have seen these reasons
provided to keep bindv6only=1:

1) BSDs only act as if bindv6only=1.  (False.)

2) BSDs do (or did) this because of vague language in the standards.
(Maybe true once, but not now.)

3) There are potential security bugs if an application black- or
white-lists IPv4 addresses and someone uses an v6-mapped IPv4 address to
connect.  (Handwavy and, as far as I've seen, purely hypothetical.  Also
ties the hands of the system administrator, who may want to treat
v6-mapped addresses differently than the corresponding native IPv4

4) It only affects software outside of the Debian archive.  (Irrelevant
at best.  Callous because it requires developers to cater to the whims
of Debian.)

and most often:

5) Software that doesn't expect it is buggy.  (Circular.)

Have I missed anything?

Michael Poole

Reply to: