> But more generally: if you revoke the ability to send and receive
> network packets from what appears to be a "non-networking"
> application, this will also revoke network access from libraries that
> this application calls. Figuring out what's affected by this seems to
> me to be a big part of figuring out how the feature could be used (and
> what it must do in order to be useful).

I agree, though the same can be said for the existing privileges, which has always concerned me. The only way I can see for this sort of stuff to be robust in the face of patching is for certain "interesting" implementation artifacts to be promoted to be part of the interfaces themselves, but that may create more architectural problems than it solves, especially in the long run.

-- meem
_______________________________________________
networking-discuss mailing list
[email protected]
