> > should not having "network privileges" prevent applications from being
> > used for local purposes? Further, the set of impacted applications will
> > be essentially random based on the whim of the IPC mechanism used by its
> > implementors.
>
> I think what Casper is arguing is that this doesn't actually matter.
> Someone who wants to revoke this privilege for some process will need to
> test the application (and perhaps examine its source code) in order to
> determine whether doing so is feasible. If that's done right, you'd
> have no problems.
... and repeat the exhaustive evaluation every time it's patched. I could see doing this on a subset of well-controlled applications, but what happens when a customer using this facility wants some Sun-supported application that happens to use loopback inet IPC to "work"? Are we going to change the code to accommodate their need, or tell them they're off the reservation?

So long as it's the latter, and this is made clear up-front, I don't have a strong objection to Casper's proposal, though I still fear that the loopback inet IPC restriction will cause unexpected problems for applications that just happen to use that mechanism for their IPC.

-- meem
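The thread contrasts two ways an application can do purely local IPC: a loopback AF_INET socket, which a network-privilege restriction would break, and AF_UNIX, which it would not. The following probe is an added example, not code from the thread or from Casper's proposal; it is the sort of small test one would run against a process with and without the network privilege removed to see which path fails. It assumes only POSIX sockets. The privilege name and the ppriv(1) invocation used to drop it are not given in the thread and are deliberately not assumed here.

```c
/* Added example (not from the thread): probe the two local-IPC mechanisms
 * the discussion contrasts. Run once unrestricted, and once after dropping
 * the proposed network privilege (name and tooling not assumed here), and
 * compare which probe reports FAILS. Uses only POSIX sockets. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

static const char PING[] = "ping";   /* constructed test message */

/* Round-trip PING over a loopback TCP connection (listener, client and
 * accepted side all in this process). Returns 1 on success, 0 if any
 * step fails, which is what a process without network privilege would
 * see at socket() or bind(). */
int probe_inet_loopback(void)
{
    int lsock = -1, csock = -1, asock = -1, ok = 0;
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    char buf[sizeof PING];

    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                         /* kernel picks a free port */

    if ((lsock = socket(AF_INET, SOCK_STREAM, 0)) < 0) goto out;
    if (bind(lsock, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    if (listen(lsock, 1) < 0) goto out;
    if (getsockname(lsock, (struct sockaddr *)&addr, &alen) < 0) goto out;

    if ((csock = socket(AF_INET, SOCK_STREAM, 0)) < 0) goto out;
    if (connect(csock, (struct sockaddr *)&addr, sizeof addr) < 0) goto out;
    if ((asock = accept(lsock, NULL, NULL)) < 0) goto out;

    if (write(csock, PING, sizeof PING) != (ssize_t)sizeof PING) goto out;
    if (read(asock, buf, sizeof buf) != (ssize_t)sizeof PING) goto out;
    ok = memcmp(buf, PING, sizeof PING) == 0;
out:
    if (asock >= 0) close(asock);
    if (csock >= 0) close(csock);
    if (lsock >= 0) close(lsock);
    return ok;
}

/* Same round-trip over an AF_UNIX socketpair, which involves no inet
 * stack and so is unaffected by a network-privilege restriction. */
int probe_unix_socketpair(void)
{
    int sv[2], ok = 0;
    char buf[sizeof PING];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    if (write(sv[0], PING, sizeof PING) == (ssize_t)sizeof PING &&
        read(sv[1], buf, sizeof buf) == (ssize_t)sizeof PING)
        ok = memcmp(buf, PING, sizeof PING) == 0;
    close(sv[0]);
    close(sv[1]);
    return ok;
}

int main(void)
{
    printf("loopback inet IPC: %s\n", probe_inet_loopback() ? "works" : "FAILS");
    printf("AF_UNIX IPC:       %s\n", probe_unix_socketpair() ? "works" : "FAILS");
    return 0;
}
```

Unrestricted, both probes report "works". The point of the thread's worry is the first line: an application that chose loopback TCP for its local IPC flips to "FAILS" under the restriction, while an otherwise identical one that chose AF_UNIX does not, and nothing about the application's purpose tells you in advance which it will be.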