Basic Network Privilege [PSARC/2009/685 FastTrack timeout 01/01/2010]

[casper....@sun.com]

>Right, and I think you may also have discovered libnsl's use of socket
>ioctls to get local address information while processing name lookup
>calls.  It does that because nscd's address lists are unsorted, and
>getaddrinfo() and friends return a sorted address list using an
>algorithm that uses the local address list as input (this was introduced
>by PSARC 2002/390).  That said, given that applications without the
>proposed privilege won't be able to communicate with the returned
>addresses, their sort order is quite meaningless.  In that case,
>ignoring the failed socket() call and returning the unsorted address
>list directly from nscd would likely be the right thing to do.

I indeed discovered this; I do prefer fixing that, though, because I prefer
this:

 finger @localhost
[localhost] socket: Permission denied

to this:
finger @localhost 
unknown host: localhost

So why is nscd not sorting the addresses?

>In any case, +1 from me.

Thanks.

Casper