> From: Matthias Scheler <[EMAIL PROTECTED]>
> On Wed, Jul 23, 2003 at 01:48:08PM +0200, Egbert Eich wrote:
> > > I wasn't suggesting to use it on Linux. My suggestion was to revert to
> > > using a single socket on all platforms and use the above code to enable
> > > accepting IPv4 connections on *BSD.
> > Yes, I understand. I was just looking for a decent way of making
> > things work on Linux.
> Using a single socket should work on Linux according to your observations.
> And it definitely works on Solaris. So adding some conditional code which
> uses setsockopt() with IPV6_V6ONLY on platforms which have IPV6_V6ONLY
> defined should work around the platform.

The danger is that on systems where V4-mapped addresses are disabled an attacker might just manage to bind to either the V6 socket, or the V4 socket and possibly execute a MitM attack.

> But we would get complaints from the IPv6 folks which consider accepting
> IPv4 connections on IPv6 listeners a problem. See here:
>
> http://www.ietf.org/internet-drafts/draft-itojun-v6ops-v4mapped-harmful-01.txt
>
> So we probably need to implement heuristics similar to the one described
> by Andrew Aitchison.

The issues that the draft brings up are irrelevant to XFree86. They are strictly OS/firewall issues. If those problems can occur on a system, the system is already swiss cheese; and nothing XFree86 can do will alleviate things.

The draft was sent to BugTraq, and everyone who responded brought the exact same issue up:

http://www.securityfocus.com/archive/1/289420/2002-08-20/2002-08-26/2
http://www.securityfocus.com/archive/1/289409/2002-08-20/2002-08-26/2
http://www.securityfocus.com/archive/1/289375/2002-08-20/2002-08-26/2
http://www.securityfocus.com/archive/1/289364/2002-08-20/2002-08-26/2

If you want to see both sides and the rest of the thread:

http://www.securityfocus.com/archive/1/288622/2002-08-20/2002-08-26/1

--
(\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/)
\ ( | [EMAIL PROTECTED] PGP 8881EF59 | ) /
\_ \ | _____ -O #include <stddisclaimer.h> O- _____ | / _/
\___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
_______________________________________________
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
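The conditional IPV6_V6ONLY handling discussed in this thread, as an added C example that is not part of the original message or of XFree86's code; `open_v6_listener` and the `listen_mode` values are hypothetical names. It reads the option back after setting it, so the caller learns when IPv4 is not covered by the single socket and has to bind its own AF_INET listener instead of leaving that port free.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum listen_mode { LM_ERROR = -1, LM_DUAL_STACK = 0, LM_V6_ONLY = 1 };

/* Hypothetical helper: listen on the IPv6 wildcard address and report
 * whether the same socket is confirmed to accept IPv4 connections too. */
static enum listen_mode open_v6_listener(unsigned short port, int *fd_out)
{
    struct sockaddr_in6 sa;
    enum listen_mode mode = LM_V6_ONLY; /* unconfirmed until read back */
    int fd = socket(AF_INET6, SOCK_STREAM, 0);

    if (fd < 0)
        return LM_ERROR;
#ifdef IPV6_V6ONLY
    {
        int off = 0, cur = 1;
        socklen_t len = sizeof(cur);
        /* Has to happen before bind(); some systems refuse to clear it. */
        (void)setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof(off));
        /* Trust the value read back, not the setsockopt() return code. */
        if (getsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &cur, &len) == 0 && cur == 0)
            mode = LM_DUAL_STACK;
    }
#endif
    memset(&sa, 0, sizeof(sa));
    sa.sin6_family = AF_INET6;
    sa.sin6_addr = in6addr_any;
    sa.sin6_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 8) < 0) {
        close(fd);
        return LM_ERROR;
    }
    *fd_out = fd;
    return mode;
}

int main(void)
{
    int fd = -1;
    enum listen_mode m = open_v6_listener(0, &fd); /* port 0: any free port */
    printf("%s\n", m == LM_DUAL_STACK ? "one socket covers IPv4 and IPv6"
         : m == LM_V6_ONLY ? "IPv6 only: bind a separate AF_INET listener"
         : "no IPv6 listener");
    if (fd >= 0)
        close(fd);
    return 0;
}
```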
