Hello!
> > > linux-2.2.16 and linux-2.4.0-test5 allow to let an application bind an
> > > inet6 socket sd6 to an address / a port that is already bound to inet
> > > socket sd4.
> >
> > Yeah... Ugly. 8) But we have no choice. Thank you.
>
> Does this not leave us open to 'binding closer' type attacks like NFS packet
> theft ?
Seems, with this patch theft is impossible. Without this patch IPv6
can steal sockets used by IP, indeed.
Test !sk2->rcv_saddr prevents binding to place used both by
IPv6 and IP wildcard. The problem is that native IP sockets do
not initialize IPv6 rcv_saddr and it is always ::, so that
we cannot check for net_pinfo.af_inet6.rcv_saddr==:: instead of
!sk2->rcv_saddr (and it is OK), but unfortunately we also forgot
to check for coincidence of real IPv4 identities. The patch fixes
this and problems disappear. Seems. 8)
Though, I am not 100% sure. You frightened me. 8)
This place need to be analyzed more carefully yet.
Alexey
|