Garrett D'Amore wrote:
> This seems like a good idea, but out of curiosity, is there a specific
> motivation here?

For any basic privilege, the high-level motivation is to be able to limit processes (or users) by removing functionality that normally requires no privileges. In this case, that functionality is the ability to open network connections.

I know of at least one customer who used to accomplish this in previous Solaris releases by restricting the permission bits on /dev/tcp. [1]

It's worth re-examining Meem's objection about IPC in light of customers like this. When this basic privilege is available, they might well remove it from all user processes in order to get the same effect they had before. How much IPC breakage is likely to follow from this action?

Scott

[1] This technique doesn't work any more because socket() operations do not open /dev/tcp.

--
Scott Rotondo
Principal Engineer, Solaris Security Technologies
President, Trusted Computing Group
Phone/FAX: +1 408 850 3655 (Internal x68278)