On Thu, 2008-10-23 at 00:12 -0400, Peter Memishian wrote:
> Perhaps I'm misunderstanding part of the proposal, but having hardcoded
> policy in applications that cannot be overridden (e.g., by an admin who
> never wants to let DHCP through for a certain environment) seems bad.
This would be a misconfigured system.
The policy bypass would only be in effect if dhcpagent was running
because it's a socket option applied to open sockets.
dhcpagent would only be run if the system were configured to use DHCP to
get an address.
If the system is configured to use DHCP to get an address, but there's a
security policy in place preventing DHCP packets from entering or
leaving the interface, then the interface won't get an address and bits
won't move at all.
- Bill
