>I'm starting to think a derail might be in order, but I'd like to know 
>how the other members feel.  I'm neither the foremost security nor the 
>foremost networking member of PSARC, so I'll just defer to the 
>decision(s) made by those individuals.

I still haven't seen any application which uses inet sockets and which 
isn't a system tool; even the X server can work without tcp sockets.

In theory, I can see that this might be an issue, but note that an 
application with one or more basic privileges missing is no longer running 
in a POSIX environment.  It is similar to the FILE_READ and the FILE_WRITE
privileges: a file cannot open a file for read or write.

I want to clarify the definition of the NET_ACCESS privilege as follows:

privilege  NET_ACCESS

     Allows a process to open a TCP, UDP or SCTP network endpoint.


This makes clear that ICMP and RAW sockets do not require more than the
NET_ICMPACCESS or NET_RAWACCESS.

While I'm not against derailing, per se, I will understand that a 
fine-grained access control may serve all users better and we are actually 
working on that.

This is a simple mechanism and similar mechanisms have been tested by 
customers, using artifacts of earlier Solaris implementation.  These
artifacts no longer exist and so the customer has a problem.

In theory, this might not be the best but in practice it seems to work 
well.

Casper
