
Re: broken IPv6 code



Brian May <bam@debian.org> writes:

> >>>>> "Peter" == Peter Cordes <peter@llama.nslug.ns.ca> writes:
> 
>     Peter>  Hmm, if that's the case, then if you only bind to the
>     Peter> ipv6-wildcard socket, another process could bind to the
>     Peter> ipv4-wildcard socket on the same port and intercept the
>     Peter> connections you were expecting to receive.  If the port is
>     Peter> > 1023, then that is a real security problem.
> 
> If you are worried that an application might bind to a port (IPv6 with
> IPv4 support implied) and have it taken over by an IPv4 application, I
> would be surprised if this is an issue.

 Why wouldn't it be an issue?
 Either it lets another uid do it and so is a major security problem,
or it doesn't ... and bind calls can magically fail (say you have a
daemon that has random uid's for each network connected process
... then the calls will fail).
 Personally I think it should always fail, or that bind()'ing an ipv6
address shouldn't do anything with any ipv4 ones.

>     Peter>  Just thought I'd point that out, in case not everybody had
>     Peter> thought of this yet :)
> 
> 
> A similar issue is if you run a daemon and another program is already
> listening for incoming connections on that port (whether IPv4 or IPv6
> or whatever), then both daemons will happily run, but only one will
> accept incoming connections.

 But the one that failed will have been told so with -1 and errno.
 In the ipv4/ipv6 example one process is getting the connections, and
then later is suddenly not getting them without any notice. This is
like the old hole where binding to a specific interface overrode a
bind to INADDR_ANY.

> Personally (although I may be uninformed), I think the Linux approach
> is stupid - you can't bind to all addresses returned by getaddrinfo
> without either (a) skipping IPv4 addresses or (b) ignoring the return
> value from bind. Applications should not have to deal with IPv4 as a
> special case.

 So if you support ipv6 and ipv4 do 2 bind()'s for INADDR_ANY (and the
ipv6 equivalent). If both fail, then fail. If you have configured with
specific interfaces then fail/warn if any fail. Just don't go calling
hostname() and then getnameinfo() pretending you know what you are
doing.
 It might be nice if there was a bind(IF_ANY, INADDR_ANY) type call so
apps wouldn't need to be changed for ipv8 etc. ... but that's an API
issue.

> IPv6 should be treated as a unique protocol, just like any other
> protocol supported by the sockets API. If this is not possible for
> reasons I don't understand, then the API should be changed so that
> applications can be protocol independent (eg. getaddrinfo shouldn't
> return IPv4 addresses in this case).

 Yeah it might be nice if this was the last change in the socket() API
for a while at least.

-- 
# James Antill -- james@and.org
:0:
* ^From: .*james@and.org
/dev/null
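
An added example, not part of the original message: the approach described in the reply above (one wildcard bind per address family, report every failure, give up only if both fail), written in C. It sets IPV6_V6ONLY (RFC 3493), an option the thread does not mention, so the IPv6 socket never claims IPv4 traffic; the function names and port 8080 are made up for illustration.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on one family's wildcard; returns fd, or -1 with errno set. */
static int bind_one(int family, unsigned short port)
{
    /* Zeroed address fields are the wildcards INADDR_ANY and in6addr_any. */
    struct sockaddr_in a4 = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct sockaddr_in6 a6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
    int on = 1, ok, saved, fd = socket(family, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    if (family == AF_INET6)  /* keep this socket off IPv4 so the binds never clash */
        ok = setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on) == 0
          && bind(fd, (struct sockaddr *)&a6, sizeof a6) == 0;
    else
        ok = bind(fd, (struct sockaddr *)&a4, sizeof a4) == 0;
    if (ok && listen(fd, 16) == 0)
        return fd;
    saved = errno;           /* close() may overwrite the bind/listen error */
    close(fd);
    errno = saved;
    return -1;
}

/* fds[0] = IPv4, fds[1] = IPv6, -1 where the bind failed. Returns the number
 * of families listening; 0 means the daemon must exit. */
int bind_wildcards(unsigned short port, int fds[2])
{
    static const int fam[2] = { AF_INET, AF_INET6 };
    static const char *const name[2] = { "IPv4", "IPv6" };
    int i, n = 0;
    for (i = 0; i < 2; i++) {
        fds[i] = bind_one(fam[i], port);
        if (fds[i] >= 0)
            n++;
        else  /* report every failure instead of ignoring bind()'s result */
            fprintf(stderr, "%s wildcard bind, port %u: %s\n",
                    name[i], (unsigned)port, strerror(errno));
    }
    return n;
}
int main(void) { int fds[2]; return bind_wildcards(8080, fds) ? 0 : 1; }
```

A second process that calls `bind_wildcards()` on a port already held gets -1 for that family and a message on stderr, which is the explicit failure the reply asks for.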


