On Mon, Jun 12, 2006 at 04:13:36PM -0400, James Carlson wrote:
> Nicolas Williams writes:
> > But more importantly, I'm not sure we can really restrict IPC at all.
> > You can always use plain regular files for IPC.
>
> Agreed. But the argument gets strange from that point on. If we
> don't restrict local IPC, why would we restrict loopback use of any
> networking protocol? The same argument seems to say that we should
> not do that.
That's not strange, that's logical. Earlier I proposed
PRIV_{NET|IPC}_{INITIATE|ACCEPT}, if we do this at all.
> But I'm not sure how far you can go down that road before you've
> invented per-application packet filters.
Privileges are awfully coarse. Per-application packet filters, and a
basic privilege for creating/modifying/deleting them, sound like a
better idea, though it wouldn't make the library evolution problem go
away.
Another possibility: packet filtering by cred_t/execname :)
_______________________________________________
networking-discuss mailing list
[email protected]
