[Bug 538871] [NEW] authbind fail on IPv6
BJB
bugeaud at gmail.com
Sun Mar 14 23:49:11 GMT 2010
Public bug reported:
Binary package hint: authbind
Hello,
I think this package does not work with IPv6.
The problem is that a lot of server depend on this. For instance, most
Java based server running standard service (say a HTTPD, a SMTPD, etc)
on standard port (priviledged port) depend on this package to be able to
work.
At this time, there is no way to run such a server on Linux without deactivating the IPv6 feature.
(setcap is not working as well, FYI because generally speaking it has no "deep")
This is issue is blocking as the only workaround is to do a NAT port
forward (untested) that is not a clean solution IMHO.
Here are the steps :
adduser -system glassfish
Then add various "flag" like :
/etc/authbind/byport is :
-rwxr----- 1 glassfish admin 0 2010-03-14 18:04 443
-rwxr----- 1 glassfish admin 0 2010-03-13 23:05 80
/etc/authbind/byaddr is :
-rwxr----- 1 glassfish admin 0 2010-03-14 22:10 ::
-rwxr----- 1 glassfish admin 0 2010-03-14 22:09 0.0.0.0
-rwxr----- 1 glassfish admin 0 2010-03-15 00:21 ::1
I also have byuid set to check (does not change the result as well)
Here are the tests :
sudo -u glassfish authbind --deep nc -l 0.0.0.0 80
> work :)
sudo -u glassfish authbind --deep nc -l localhost 80
> work :)
sudo -u glassfish authbind --deep nc -l 127.0.0.1 80
> work :)
sudo -u glassfish authbind --deep nc -l :: 80
nc: Permission denied
sudo -u glassfish authbind --deep nc -l ::1 80
nc: Permission denied
sudo -u glassfish authbind --deep nc6 -l -p 80
nc6: bind to source :: 80 failed: Permission non accordée (aka failed !)
FYI, I have tried with byport + byaddr + byuid, all of them fail on IPv6 but succeed on IPv4.
Description: Ubuntu 9.10
Release: 9.10
authbind:
Installed : 1.2.0build2
Candidate : 1.2.0build2
Version table
*** 1.2.0build2 0
500 http://fr.archive.ubuntu.com karmic/main Packages
100 /var/lib/dpkg/status
By the way it would be cool if the authbind feature would be introduced
in the kernel as this is realy an important feature and the setcap is
not suited (no "deep" feature and no way to restrict to a given user),
if I get it right.
Rgs,
JB
** Affects: authbind (Ubuntu)
Importance: Undecided
Status: New
--
authbind fail on IPv6
https://bugs.launchpad.net/bugs/538871
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to authbind in ubuntu.
More information about the Ubuntu-server-bugs
mailing list