Casper.Dik at Sun.COM wrote:
>
>> I don't understand the motivation for excluding the raw sockets and/or
>> icmp sockets from checking NET_ACCESS. It seems simpler from a user
>> perspective if removing NET_ACCESS has the effect of making the user no
>> longer be able to open any TCP, UDP, SCTP, or RAW sockets.
>
> Because you already need a privilege and there's no need to remove those
> privileges?

But it makes the description of NET_ACCESS much more complicated; not only do we have PRIV_NET_RAWACCESS but also PRIV_NET_ICMPACCESS. If we uniformly apply NET_ACCESS for all IP based transports then there is a single privilege that needs to be removed to ensure that IP networking can not be used.

>> Thus I think it makes sense removing the above exception.
>>
>>
>> Do we know if there is any impact to getaddrinfo() and friends? I
>> believe the library code opens a UDP socket to issue SIOC ioctls (done
>> as part of verifying whether IPv4 and/or IPv6 is configured on the
>> system). Perhaps that isn't an architectural issue, but we need to make
>> sure there aren't any confusing failures or error messages when
>> NET_ACCESS has been removed from the privilege set.
>
> If the library detects that opening /dev/udp{,6} fails it will pretend that
> there are IP/IP6 interfaces and the application will find the hostname but
> won't be able to connect.

OK

Erik