Re: [PATCH 1/7] lockd: Use AF_INET6 listener only when IPv6 support is built in

On Jan 30, 2009, at 5:02 PM, J. Bruce Fields wrote:
> On Fri, Jan 30, 2009 at 05:01:36PM -0500, Chuck Lever wrote:
>> On Jan 30, 2009, at 4:55 PM, J. Bruce Fields wrote:
>>> On Fri, Jan 30, 2009 at 04:30:10PM -0500, Chuck Lever wrote:
>>>> Also, having a separate IPv6-only listener means that someone can
>>>> come along and hijack the IPv4 packets on that port.
>>>
>>> Starting listeners on both as early as possible reduces but doesn't
>>> eliminate the chance of that happening. Don't we just have to assume
>>> users of low port numbers are well-behaved to some degree?
>>
>> We have one listener now, so it doesn't ever happen.
>
> If you restart nfsd, or if other programs are running during boot, then
> it can still happen.  Right?

Yes, but that can also happen for IPv4 sockets.

I'm talking about while the listener is up and running. In this case, it's more of an IPv4 to IPv6 transition issue, not a security thing. If the traffic is hijacked then your service starts behaving in ways you don't expect and that are hard to pin down.

--
Chuck Lever
chuck[dot]lever[at]oracle[dot]com