IPv6 support for authbind

By Abhijit Menon-Sen <ams@toroid.org>

2010-09-08

A few days ago, my friend Aaron was trying to add IPv6 support to authbind, a program by Ian Jackson which allows unprivileged processes to bind reserved ports through LD_PRELOAD-interception of bind(2) and a setuid-root helper program.

Yesterday, after returning from a long train journey, I took a few hours to decompress and hack the necessary changes together. It turned out to be quite simple. Here's the patch.

The changes have received only light testing, but everything seemed to work in the test cases I contrived. I'll send the patch upstream after a couple of other people confirm that I didn't overlook anything.

Testing and feedback are very welcome.

Update: a week later, at least one site runs the patched authbind in production, and I have sent the patch to the author (with no response yet). The patch is also now cited in a bug report filed against the Debian package.

Update: a year later, Ian Jackson responded to the bug report and said the patch was unacceptable, because it changed the internal calling convention for a helper program. I wanted to redo and resubmit the patch, but couldn't drum up the motivation to actually do so.

Update (2012-06-02): a year and a half after I wrote the patch, Ian Jackson has released authbind 2.0.0 with IPv6 support. A quick glance suggests that he didn't use any of my code.