Brian May <[EMAIL PROTECTED]> writes:

> >>>>> "Peter" == Peter Cordes <[EMAIL PROTECTED]> writes:
>
>     Peter> Hmm, if that's the case, then if you only bind to the
>     Peter> ipv6-wildcard socket, another process could bind to the
>     Peter> ipv4-wildcard socket on the same port and intercept the
>     Peter> connections you were expecting to receive. If the port is
>     >> 1023, then that is a real security problem.
>
> If you are worried that an application might bind to a port (IPv6 with
> IPv4 support implied) and have it taken over by an IPv4 application, I
> would be surprised if this is an issue.

Why wouldn't it be an issue? Either it lets another uid do it and so is a major security problem, or it doesn't ... and bind calls can magically fail (say you have a daemon that has random uids for each network connected process ... then the calls will fail).

Personally I think it should always fail, or that bind()'ing an ipv6 address shouldn't do anything with any ipv4 ones.

>     Peter> Just thought I'd point that out, in case not everybody had
>     Peter> thought of this yet :)
>
>
> A similar issue is if you run a daemon and another program is already
> listening for incoming connections on that port (whether IPv4 or IPv6
> or whatever), then both daemons will happily run, but only one will
> accept incoming connections.

But the one that failed will have been told so with -1 and errno. In the ipv4/ipv6 example one process is getting the connections, and then later is suddenly not getting them without any notice.

This is like the old hole where binding to a specific interface overrode a bind to INADDR_ANY.

> Personally (although I may be uninformed), I think the Linux approach
> is stupid - you can't bind to all addresses returned by getaddrinfo
> without either (a) skipping IPv4 addresses or (b) ignoring the return
> value from bind. Applications should not have to deal with IPv4 as a
> special case.

So if you support ipv6 and ipv4 do 2 bind()'s for INADDR_ANY (and the ipv6 equivalent). If both fail, then fail. If you have configured with specific interfaces then fail/warn if any fail. Just don't go calling hostname() and then getnameinfo() pretending you know what you are doing.

It might be nice if there was a bind(IF_ANY, INADDR_ANY) type call so apps wouldn't need to be changed for ipv8 etc. ... but that's an API issue.

> IPv6 should be treated as a unique protocol, just like any other
> protocol supported by the sockets API. If this is not possible for
> reasons I don't understand, then the API should be changed so that
> applications can be protocol independent (eg. getaddrinfo shouldn't
> return IPv4 addresses in this case).

Yeah, it might be nice if this was the last change in the socket() API for a while at least.

--
# James Antill -- [EMAIL PROTECTED]
:0:
* ^From: [EMAIL PROTECTED]
/dev/null
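
The approach suggested in the reply above (one wildcard bind per address family, each return value checked, giving up only when both fail), as an added C example that is not code from this thread. The names bind_wildcard and bind_both are hypothetical, and setting IPV6_V6ONLY on the IPv6 socket is an assumption the thread does not mention; it keeps the IPv6 bind from touching IPv4 so that both binds can succeed on the same port.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Bind and listen on one family's wildcard address. A *port of 0 lets the
 * kernel pick; *port is updated on success. Returns fd, or -1 with errno. */
int bind_wildcard(int family, unsigned short *port)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *a4 = (struct sockaddr_in *)&ss;
    struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)&ss;
    socklen_t len = family == AF_INET6 ? sizeof *a6 : sizeof *a4;
    int on = 1, saved, fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&ss, 0, sizeof ss);
    if (family == AF_INET6) {
        a6->sin6_family = AF_INET6;
        a6->sin6_addr = in6addr_any;
        a6->sin6_port = htons(*port);
        /* Added assumption: IPV6_V6ONLY keeps this socket off IPv4. */
        if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on) < 0)
            goto fail;
    } else {
        a4->sin_family = AF_INET;
        a4->sin_addr.s_addr = htonl(INADDR_ANY);
        a4->sin_port = htons(*port);
    }
    if (bind(fd, (struct sockaddr *)&ss, len) < 0 || listen(fd, 16) < 0)
        goto fail;
    if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
        goto fail;
    *port = ntohs(family == AF_INET6 ? a6->sin6_port : a4->sin_port);
    return fd;
fail:
    saved = errno;          /* close() may overwrite errno */
    close(fd);
    errno = saved;
    return -1;
}

/* Claim *port on both families, checking each bind on its own.
 * Returns the number of listeners; 0 means both failed, so give up. */
int bind_both(unsigned short *port, int fds[2])
{
    fds[0] = bind_wildcard(AF_INET, port);
    fds[1] = bind_wildcard(AF_INET6, port);
    return (fds[0] >= 0) + (fds[1] >= 0);
}
```

With both sockets held, a later bind to either wildcard on that port is refused with EADDRINUSE instead of quietly taking over the connections.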

