> > I could see doing this on a subset of well-controlled applications, but
> > what happens when a customer using this facility wants some Sun-supported
> > application that happens to use loopback inet IPC to "work"? Are we going
> > to change the code to accommodate their need, or tell them they're off the
> > reservation?
>
> How would this be any different than if they tried removing other basic
> privileges, like the ability to fork() or exec(), from apps that really
> needed it? If customers break their system, it's broken.

The difference is that removing the ability to fork() and exec() does exactly that. This privilege removes the ability to communicate on the network, and removes one of the mechanisms for IPC that has nothing inherently to do with communicating on the network.

-- meem