>I know of at least one customer who used to accomplish this in previous >Solaris releases by restricting the permission bits on /dev/tcp. [1] >It's worth re-examining Meem's objection about IPC in light of customers >like this. When this basic privilege is available, they might well >remove it from all user processes in order to get the same effect they >had before. How much IPC breakage is likely to follow from this action?
My experience is that there is very little, if any, breakage. >[1] This technique doesn't work any more because socket() operations do >not open /dev/tcp. In Solaris 10, we still open evaluate the device policy; but in Volo, we never get near to /dev/tcp. Casper
