On Wed, 2009-12-23 at 14:49 -0800, Paul Armstrong wrote:
> How about having:
> * NET_ACCESS_LOCAL: Allow binding to ::1
> * NET_ACCESS_EXTERNAL: Allow binding to addresses other than ::1
>
> This would allow restricting processes to just internal or just external
> network communications.
I would have a problem with this kind of approach given that the loopback address is really no different than any other local address when communicating locally. Numerous applications have been known to simply connect to a local non-loopback address to communicate with local processes (e.g. by looking up the address associated with the local hostname and sending to that). Differentiating between local and remote communication would involve inspecting packets in the data path, and at that point, we're talking about filtering, and not privileges.

-Seb
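To make the objection above concrete, here is an added illustration that is not part of the thread and not code from either participant. It contrasts the rule implied by the proposal (a peer is "local" only if it is loopback) with a classification that treats any address configured on the host as local, and shows which addresses the loopback-only rule would misfile as external. The host address list is constructed sample data (documentation ranges), and the helper that resolves the local hostname only demonstrates the application behaviour Seb describes; the function names are this example's own.

```python
import ipaddress
import socket
from typing import Iterable, List

# Constructed sample: the addresses a hypothetical host has on its interfaces
# (loopback plus one IPv4 and one IPv6 on a real NIC, taken from documentation
# ranges). On a live system these come from the interface table, not a literal.
SAMPLE_LOCAL_ADDRS = ["127.0.0.1", "::1", "192.0.2.10", "2001:db8::10"]


def is_loopback_only(addr: str) -> bool:
    """The rule implied by 'NET_ACCESS_LOCAL = may bind to ::1':
    only a loopback address counts as local communication."""
    return ipaddress.ip_address(addr).is_loopback


def is_local_peer(addr: str, local_addrs: Iterable[str]) -> bool:
    """A peer is local if its address is loopback OR any address configured
    on this host. Answering this needs the peer address from the data path,
    which is exactly the packet-level check the thread says turns a
    privilege into filtering."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return True
    configured = {ipaddress.ip_address(a) for a in local_addrs}
    return ip in configured


def classify(addr: str, local_addrs: Iterable[str]) -> str:
    """Human-readable verdict used by the demo below."""
    return "local" if is_local_peer(addr, local_addrs) else "remote"


def misclassified_by_loopback_rule(local_addrs: Iterable[str]) -> List[str]:
    """Addresses that are local to this host but that a loopback-only rule
    would treat as external traffic: the gap Seb points out."""
    return [a for a in local_addrs if not is_loopback_only(a)]


def local_addresses_for_this_host() -> List[str]:
    """What many applications do to reach a local daemon without loopback:
    resolve the local hostname and use whatever comes back. Returns an empty
    list if resolution is unavailable (e.g. in an isolated sandbox)."""
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    for a in SAMPLE_LOCAL_ADDRS + ["198.51.100.7"]:
        print(f"{a:>14}  loopback-only: {str(is_loopback_only(a)):5}  "
              f"host-aware: {classify(a, SAMPLE_LOCAL_ADDRS)}")
    print("missed by loopback-only rule:",
          misclassified_by_loopback_rule(SAMPLE_LOCAL_ADDRS))
    print("this host resolves its own name to:", local_addresses_for_this_host())
```

Run as a script it prints one verdict per sample address; the two non-loopback host addresses come out "local" under the host-aware check but would be treated as external under the loopback-only rule, which is the reason a bind-address privilege alone cannot separate internal from external communication.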