Bugtraq mailing list archives
Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
From: Colm MacCarthaigh <colmmacc () redbrick dcu ie>
Date: Wed, 29 Oct 2003 19:19:56 +0000
On Wed, Oct 29, 2003 at 01:06:55PM -0500, der Mouse wrote:
Also, note that the application can get whichever set of semantics it prefers by explicitly setting the V6ONLY option on the socket;
My main point is that this is not the case. The V6ONLY socket option is not honoured by some widely-deployed Operating Systems. Although the situation is rapidly improving, I would argue that it is currently still worth accompanying a recommendation of using explicit AF sockets with the excellent recommendation from section 4 of the I-D; "In EVERY application, check for IPv4-mapped addresses wherever addresses enter code paths under your control (i.e., are returned from system calls, or from library calls, or are input from the user or a file), and handle them in an appropriate manner. This approach is difficult in reality, and there is no way to determine whether it has been followed fully." Proposing "do not accept IPv4 traffic by using AF_INET6 socket" without even a "where available" qualifier as a solution is unsuitable and unrealistic. It is a simple fact of life that current application developers have to live with the fact that some OS's do not support this behaviour. -- colmmacc () redbrick dcu ie PubKey: colmmacc+pgp () redbrick dcu ie Web: http://devnull.redbrick.dcu.ie/
Current thread:
- possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI itojun (Oct 29)
- Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI Colm MacCarthaigh (Oct 29)
- Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI der Mouse (Oct 29)
- Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI Colm MacCarthaigh (Oct 29)
- Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI der Mouse (Oct 29)
- Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI Colm MacCarthaigh (Oct 29)