"Richard L. Hamilton" <rlhamil at smart.net> wrote:

> * IMO, Casper's point that Solaris 8 could achieve this with an ACL on /dev/tcp (and
>   presumably on /dev/udp as well?) was interesting; perhaps in this sense, the privilege
>   merely provides a different way of doing what could have been done (if in an undocumented
>   sort of way) before.

Just a hint:

In Solaris 8, /devices was on UFS and sockets have been in libsocket.

Currently, /devices is a dynamic virtual filesystem that does not know ACLs.

UNIX-98 aka. SUSv2 requires that sockets work 100% correctly, so they cannot
be implemented inside libsocket without breaking the sd2 = dup(sd1) semantics. 
For this reason, socket() is now implemented in kernel space.

Any implementation that is based on ACLs thus is nothing that can be used
as a base for discussion.

Jörg

-- 
 EMail:joerg at schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js at cs.tu-berlin.de                (uni)  
       joerg.schilling at fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
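
The `sd2 = dup(sd1)` semantics referred to in the message above, as an added C example that is not part of the original post: after `dup()`, both descriptors must name the same open socket, so flags and shutdown state set through one are visible through the other, and closing one leaves the other usable. The function name is hypothetical and the AF_UNIX `socketpair()` is a constructed fixture standing in for any socket.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not from the original message).
 * Returns 0 when dup() on a socket yields a second descriptor for the same
 * open socket; otherwise the number of the first check that failed. */
int check_socket_dup_semantics(void)
{
    int sv[2], sd1, sd2, peer, fl, rc = 0;
    char buf[4];

    /* Constructed test fixture: a connected AF_UNIX stream pair. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    sd1 = sv[0];
    peer = sv[1];
    sd2 = dup(sd1);
    if (sd2 < 0) { close(sd1); close(peer); return 2; }

    /* File status flags belong to the shared open file description. */
    fl = fcntl(sd1, F_GETFL);
    if (fl < 0 || fcntl(sd1, F_SETFL, fl | O_NONBLOCK) != 0)
        rc = 3;
    else if (!(fcntl(sd2, F_GETFL) & O_NONBLOCK))
        rc = 4;
    /* shutdown() through sd2 acts on the socket, so sd1 can no longer send. */
    else if (shutdown(sd2, SHUT_WR) != 0 ||
             send(sd1, "x", 1, MSG_NOSIGNAL) != -1)
        rc = 5;

    /* Closing sd1 must not tear down the socket: sd2 still receives. */
    close(sd1);
    if (rc == 0 && (write(peer, "pong", 4) != 4 ||
                    read(sd2, buf, 4) != 4 || memcmp(buf, "pong", 4) != 0))
        rc = 6;

    close(sd2);
    close(peer);
    return rc;
}

int main(void)
{
    int rc = check_socket_dup_semantics();
    if (rc) printf("check %d failed\n", rc);
    else    printf("dup() semantics hold\n");
    return rc;
}
```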
