Peter Memishian wrote:
>  > > should not having "network privileges" prevent applications from being
>  > > used for local purposes?  Further, the set of impacted applications will
>  > > be essentially random based on the whim of the IPC mechanism used by its
>  > > implementors.
>  >
>  > I think what Casper is arguing is that this doesn't actually matter.
>  > Someone who wants to revoke this privilege for some process will need to
>  > test the application (and perhaps examine its source code) in order to
>  > determine whether doing so is feasible.  If that's done right, you'd
>  > have no problems.
>
> ... and repeat the exhaustive evaluation every time it's patched.

Yep.  That's LP for you.  It gets right into the implementation details.

> I could see doing this on a subset of well-controlled applications, but
> what happens when a customer using this facility wants some Sun-supported
> application that happens to use loopback inet IPC to "work"?  Are we going
> to change the code to accommodate their need, or tell them they're off the
> reservation?

Good question; I have no idea.  I suspect it would be an RFE, like any
other, and the priority set based on how important the customer is, how
motivated you are to fix it, and so on.

> So long as it's the latter, and this is made clear up-front,
> I don't have a strong objection to Casper's proposal, though I still fear
> that the loopback inet IPC restriction will cause unexpected problems for
> applications that just happen to use that mechanism for their IPC.

Sure.  But that's true of just about all of the LP bits, particularly
those things (like this one) in the "basic" privilege set.  Anything
less than "basic" isn't really UNIX anymore.

-- 
James Carlson         42.703N 71.076W         <carlsonj at workingcode.com>