On Mon, Jun 12, 2006 at 04:28:45PM -0400, James Carlson wrote:
> Nicolas Williams writes:
> > That's not strange, that's logical. Earlier I proposed
> > PRIV_{NET|IPC}_{INITIATE|ACCEPT}, if we do this at all.
>
> That ignores both the datagram- versus connection-oriented issues
> (read and write are not at all the same as accept and connect), as
> well as the interesting wrinkles added by Zones.

Not really. It says each datagram is like a connection with one-way
data flow. A pretty big hammer, sure, but the whole notion of basic
privileges for controlling networking seems like a pretty big hammer.

> Is loopback (127.1) an IPC or a network? Is a separate zone on the
> same machine an IPC?

IMO "end-points in different zones" means "this isn't IPC."

> We're in an area where I think we can't quite define what it is we
> want to restrict, but that we know it when we see it. :-/

Yup.

> My point is that if we use a dull instrument to solve the problem,
> then we'll just end up with a new set of problems. Once we figure out
> how to solve _those_, we'll be left carrying around the baggage for
> the previous attempt at solving the problem.
>
> In that case, less extravagant design is probably better.

I don't see the proposal as extravagant. It's an example of "when all
you have is a hammer everything looks like a nail." Which isn't to say
that this hammer is never useful, but I'm not sure there are many
examples where it would be.