> Today, to access or set TCP/IP network parameters, one needs > PRIV_SYS_IP_CONFIG and it's defined in privileges(5) > > --------- > PRIV_SYS_IP_CONFIG > > Allow a process to configure network parameters for TCP/IP using ndd. > Allow a process access to otherwise restricted TCP/IP information > using ndd. > --------------- > > Now should we restrict the output of following subcommands > > (a) ipadm show-prop (show's module specific NDD properties) > (b) ipad show-ifprop (show's interface specific NDD properties) > > like we do for ndd(1M), today? > > However, for dladm(1M), with Sebastien's PSARC/2008/473 push, some of > the 'dladm show-*' commands needs no privileges. What is the expected > behavior here?
I see no compelling reason to restrict the ability to see the current values of properties. -- meem
