On Sun, Jun 13, 2010 at 13:24:39 +0200, Guus Sliepen wrote:

> net.ipv6.bindv6only = 1
> -----------------------
>
> * This restricts IPv6 addresses to IPv6 sockets, and IPv4 address to IPv4
>   sockets, making interpretation of addresses unambiguous, and hence increases
>   security of programs.
>
> * This requires some applications to be adapted to support multiple sockets.

The most likely way applications are going to be adapted is to use setsockopt to set IPV6_V6ONLY to 0, not to support multiple sockets...

[...]
> * This value reduces security bugs, but introduces new bugs since some
>   applications no longer work as expected.

... in which case those (hypothetical) security bugs aren't reduced.

[...]
> * Setting this value now will get more bugs fixed before the next release.

I'm unconvinced.

Cheers,
Julien
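An added example, not code from this thread or from any package it discusses: what an application that sets IPV6_V6ONLY to 0 has to do so that IPv4 address rules still apply, namely set the option explicitly and normalise v4-mapped peer addresses (::ffff:a.b.c.d) before comparing them. The function names, the 192.0.2.0/24 rule and the sample peer are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set IPV6_V6ONLY explicitly so behaviour does not depend on bindv6only. */
int open_v6_socket(int v6only)
{
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd >= 0 && setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &v6only, sizeof v6only) < 0) {
        close(fd);
        fd = -1;
    }
    return fd; /* -1 on error */
}

/* v4-mapped peer (::ffff:a.b.c.d): copy IPv4 part to *out and return 1. */
int peer_as_ipv4(const struct sockaddr_in6 *peer, struct in_addr *out)
{
    if (!IN6_IS_ADDR_V4MAPPED(&peer->sin6_addr))
        return 0; /* native IPv6 peer */
    memcpy(out, &peer->sin6_addr.s6_addr[12], sizeof *out);
    return 1;
}

/* Hypothetical IPv4 rule: is the (normalised) peer inside net/bits? */
int peer_in_ipv4_net(const struct sockaddr_in6 *peer, const char *net, int bits)
{
    struct in_addr v4, base;
    if (bits < 0 || bits > 32 || inet_pton(AF_INET, net, &base) != 1 ||
        !peer_as_ipv4(peer, &v4))
        return 0;
    in_addr_t mask = bits ? htonl(0xffffffffu << (32 - bits)) : 0;
    return (v4.s_addr & mask) == (base.s_addr & mask);
}

/* Build a constructed peer address, shaped like what accept() fills in. */
int make_peer(const char *text, struct sockaddr_in6 *peer)
{
    memset(peer, 0, sizeof *peer);
    peer->sin6_family = AF_INET6;
    return inet_pton(AF_INET6, text, &peer->sin6_addr) == 1;
}

int main(void)
{
    struct sockaddr_in6 peer; /* constructed sample, not captured traffic */
    return !(make_peer("::ffff:192.0.2.10", &peer) && peer_in_ipv4_net(&peer, "192.0.2.0", 24));
}
```

A byte-wise comparison of the 16-byte peer address against an IPv4 rule would never match on such a socket, which is the ambiguity the quoted proposal refers to.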