A few days ago, my friend Aaron was trying to add IPv6 support to
a program by Ian Jackson which allows unprivileged processes to bind
reserved ports through LD_PRELOAD-interception of bind(2) and a
setuid-root helper program.
Yesterday, after returning from a long train journey, I took a few hours
to decompress and hack the necessary changes together. It turned out to
be quite simple. Here's the patch.
The changes have received only light testing, but everything seemed to
work in the test cases I contrived. I'll send the patch upstream after
a couple of other people confirm that I didn't overlook anything.
Testing and feedback are very welcome.
Update: a week later, at least one site runs the patched authbind
in production, and I have sent the patch to the author (with no response
yet). The patch is also now cited in a
report filed against the Debian package.
Update: a year later, Ian Jackson responded to the bug report and
said the patch was unacceptable, because it changed the internal calling
convention for a helper program. I wanted to redo and resubmit the
patch, but couldn't drum up the motivation to actually do so.
Update (2012-06-02): a year and a half after I wrote the patch,
Ian Jackson has released authbind 2.0.0 with IPv6 support. A quick
glance suggests that he didn't use any of my code.