On Mon, May 08, 2006 at 01:21:58PM -0700, Erik Nordmark wrote: > Peter Memishian wrote: > > >We're not sure -- we've asked for Casper's thoughts on > >PRIV_NET_OBSERVABILITY as a whole, but he's on vacation at the moment. > > Isn't "observability" a bit too broad here? I would assume observability > includes packet counters (e.g., netstat -i) in addition to being able to > look at the packet content.
Looking at counters does not typically require privilege, but maybe it should require some basic privilege, as counters might leak useful data. > I suspect for snoop-type activity we might over time need a range of > visibility, just as I suspect we'll need a set of privileges around > being able to send different degrees of raw packets. Well, if you mean ICMP ECHO REQUEST/REPLY, having a syscall (socket?) interface to do that would save us the bother with privileges for distinguishing those types of packets from other uses of raw networking, no? > One way of approaching this is to define a small set of "raw" privileges > that can separately capture being able to observe/receive and being able > to transmit. Sending and receiving are different things. And for loopback, does anyone ever want to be able to send packets using a rawip socket? Why? Because of missing non-raw interfaces or for fault injection? Anyways, for me the bottom line is: someday have two privileges for snooping, one for loopback and one for non-loopback. It's hardly an urgent matter, but getting this right now may save privilege-splitting headaches later. Nico -- _______________________________________________ networking-discuss mailing list [email protected]
