Peter Memishian wrote On 05/05/06 16:47,:
 > Should there be a different privilege for observing loopback vs.
 > non-loopback traffic?

We're not sure -- we've asked for Casper's thoughts on
PRIV_NET_OBSERVABILITY as a whole, but he's on vacation at the moment.

Although I'm not sure, either, it's a very good question.  Crossbow
is another project that will emphasize and proliferate the concept of
intra-machine traffic moving across internal virtual links, and it
does seem that there are very different security risks between that
and traditional networking.  (I'm not saying that virtual links have
greater risks, just that they are so substantially different that
very different privileges are appropriate to observe them.  Because
I may trust some data to move in the clear between zones/domains that
I wouldn't place in the clear on a wire, I may trust some people to
snoop at the wire who I don't want snooping my in-memory virtual
links.)
                                        -=] Mike [=-
_______________________________________________
networking-discuss mailing list