>> I agree that there is a risk for somewhat of a Denial of Service attack here.
>> But it is a fairly small possibility; not only does the attacking application
>> need to run on the same machine, it also has no effect until there is
>> actually a reachability problem.
>> So I don't know how serious a problem this is.
>
>> Restricting its use to privileged users means that e.g. the resolver library
>> (when invoked by a non-privileged process) can't provide reachability
>> confirmation over UDP.
>> I think that would be unfortunate.
>
>Right, and I feel this is a tradeoff issue. I personally think it is
>okay not to restrict the use of the option as long as comments on the
>possible attacks are stated. What do others think?

I think it is unfortunate, but I vote for the restrictive way (i.e. require
root privilege). Another way may be to interpret, in the kernel, like
this:
- consider IPV6_REACHCONF from privileged user as very trustworthy
- consider IPV6_REACHCONF from normal user as less trustworthy
  information, just as hint. Do not 100% rely upon reachability
  confirmation that came from normal user.

Not sure how to implement the latter. Let me think.

itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
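
One possible reading of the "privileged is trustworthy, unprivileged is a hint" idea discussed above, as an added example that is not part of the thread or of any kernel's code. The state names follow RFC 4861; the cap `MAX_HINT_REFRESH`, the struct and the function names are hypothetical, and the policy (a hint may only extend an entry that is already REACHABLE, a bounded number of times) is an assumption.

```c
#include <stdbool.h>

/* Neighbor Unreachability Detection states (names as in RFC 4861). */
enum nud_state { NUD_INCOMPLETE, NUD_REACHABLE, NUD_STALE, NUD_DELAY, NUD_PROBE };

/* Origin of a reachability confirmation. */
enum conf_source {
    CONF_PROTOCOL,      /* solicited Neighbor Advertisement */
    CONF_PRIVILEGED,    /* IPV6_REACHCONF from a privileged process */
    CONF_UNPRIVILEGED   /* IPV6_REACHCONF from a normal user */
};

/* Assumed cap: untrusted refreshes allowed between trusted confirmations. */
#define MAX_HINT_REFRESH 3

struct neigh {
    enum nud_state state;
    unsigned hint_refreshes; /* untrusted refreshes since last trusted one */
};

/* Returns true if the confirmation is accepted (reachable timer restarts). */
bool neigh_confirm(struct neigh *n, enum conf_source src)
{
    if (src != CONF_UNPRIVILEGED) {      /* trusted: full effect */
        n->state = NUD_REACHABLE;
        n->hint_refreshes = 0;
        return true;
    }
    /* Hint: never revives STALE/DELAY/PROBE, and cannot extend forever. */
    if (n->state != NUD_REACHABLE || n->hint_refreshes >= MAX_HINT_REFRESH)
        return false;
    n->hint_refreshes++;
    return true;
}

/* ReachableTime expired without an accepted confirmation. */
void neigh_timeout(struct neigh *n)
{
    if (n->state == NUD_REACHABLE)
        n->state = NUD_STALE;
}

/* A local process sends repeated hints; count how many are accepted. */
unsigned flood_with_hints(struct neigh *n, unsigned attempts)
{
    unsigned accepted = 0;
    while (attempts--)
        accepted += neigh_confirm(n, CONF_UNPRIVILEGED) ? 1u : 0u;
    return accepted;
}
```

With this policy a stream of unprivileged confirmations delays the transition to STALE by at most `MAX_HINT_REFRESH` timer periods, after which normal probing resumes.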