[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bindv6only once again

Na grupie linux.debian.devel napisałe(a)ś:
> 3) There are potential security bugs if an application black- or
> white-lists IPv4 addresses and someone uses an v6-mapped IPv4 address to
> connect.  (Handwavy and, as far as I've seen, purely hypothetical.

I don't want to blow the discussion once again, but the security issue
is not only hypothetical. When I started using IPv6 I was deeply
disappointed when one daemon started ignoring my acls because of that.
Of course the daemon is fixed now, but the accident proves the risk is

>  Also
> ties the hands of the system administrator, who may want to treat
> v6-mapped addresses differently than the corresponding native IPv4
> address.)

I have no idea why one might want to do that.


Reply to: