On Wed, 2009-12-30 at 12:50 -0800, Garrett D'Amore wrote:
> It's unfortunate that applications use loopback to do their own local 
> IPC.  Such applications are inherently busted IMO (unless they are 
> *intended* to operate over the network as well as locally), since they 
> rely on a correct network configuration and wind up utilizing a lot of 
> extra overhead associated with TCP/IP that a simpler IPC could elide.

IMO the debate of whether or not such applications are using an optimal
IPC is irrelevant.  Let's assess this architecture assuming that such
applications exist.

> I am starting to think that this well-intentioned idea needs to be 
> rethought, but I'm not sure how best to deal with it.   (I can think 
> of some unusual mechanisms ... like only allowing programs to 
> communicate to non-privileged local host ports if they lack the 
> necessary privilege), but I'm pretty sure that there are holes in these, 
> and the challenge of making this work "correctly" without either making 
> it "hard to understand", or not-useful seems not-obvious to me.
> 
> I'm starting to think a derail might be in order, but I'd like to know 
> how the other members feel.  I'm neither the foremost security nor the 
> foremost networking member of PSARC, so I'll just defer to the 
> decision(s) made by those individuals.

I don't have any issues with the proposal given appropriate
documentation that accurately states the scope of the privilege.  Its
utility is severely limited, obviously, but that doesn't make the
proposal invalid.

We have room on the agenda this week and we could simply have a verbal
conversation to bring this fast-track to convergence without necessarily
derailing it.  I think such a discussion would be most productive if
Casper, Erik, and Meem could attend.  Would that be possible?

-Seb

