[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bindv6only once again

Jarek Kamiński writes:
> Na grupie linux.debian.devel napisałe(a)ś:
> >> I see only two ways of fixing proprietary Java (apart from fixing it
> >> upstream or ignoring the problem):
> >> * wrap java and java_vm binaries in some scripts setting LD_PRELOAD (in
> >> 
> >>   Debian package)
> >> 
> >> or
> >> * allow sun-java6-* packages to override bindv6only sysctl.
> > 
> > * allow bindv6only to be overridden by process instead of system-wide.
> You mean modifying kernel?

Of course not, the kernel already provides everything needed for years, and 
these dummy apps can still request bindv6only to 0 on the sockets they listen 
on their own, which is also discussed at debian-ctte[1]:

int b = 0;
if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, (char *)&b, sizeof(b))==-1)
    perror("failed blah");

they would be still inferior to those opening two separate sockets (which 
means more fine-grained control like listening on v4 or v6 or both, or 
establish means to threat them specifically if necessary), but this is at least 
easily doable for brain-damaged apps badly in need for 0.

[1] http://lists.debian.org/debian-ctte/2010/06/msg00002.html

pub 4096R/0E4BD0AB <people.fccf.net/danchev/key pgp.mit.edu>

Reply to: