> I don't understand the motivation for excluding the raw sockets and/or
> icmp sockets from checking NET_ACCESS. It seems simpler from a user
> perspective if removing NET_ACCESS has the effect of making the user no
> longer be able to open any TCP, UDP, SCTP, or RAW sockets.

Because you already need a privilege and there's no need to remove those privileges?

> Thus I think it makes sense removing the above exception.
>
>
> Do we know if there is any impact to getaddrinfo() and friends? I
> believe the library code opens a UDP socket to issue SIOC ioctls (done
> as part of verifying whether IPv4 and/or IPv6 is configured on the
> system). Perhaps that isn't an architectural issue, but we need to make
> sure there aren't any confusing failures or error messages when
> NET_ACCESS has been removed from the privilege set.

If the library detects that opening /dev/udp{,6} fails it will pretend that there are IP/IP6 interfaces and the application will find the hostname but won't be able to connect.

Casper