Gregory K. Ruiz-Ade wrote:
See, there's that now-seemingly-arbitrary "you must be root to do special things" idea that's a holdover from when there were, what, 5 unix hosts on the internet ([D]ARPANET)?
In this instance, it's the access to the "raw socket/packet" API that requires root.
I'm torn on this one. On one hand, you at least have to break *something* if you want to forge packets. On the other hand, if users could actually access the raw packet API, you could roll out new protocols much easier.
I'm still not sure the "you must be root" metric is appropriate anymore. MACs and other capabilities/roles methods are much better.
Recommendations? I'm in the process of bringing up an OpenSolaris server. That seems to do a better job of that, but I'm still a neophyte. References would be good.
And their grass is greener.
Heh. -a -- KPLUG-List@kernel-panic.org http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
