>But it makes the description of NET_ACCESS much more complicated; not 
>only do we have PRIV_NET_RAWACCESS but also PRIV_NET_ICMPACCESS.

I'm not sure that this is more complicated by any stretch of imagination.

+     PRIV_NET_ACCESS
+       Allows a process to open an unprivileged network connection.
+
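Review bot: The description line "Allows a process to open an unprivileged network connection" leaves "unprivileged" undefined and does not say which transports the privilege covers. Since the surrounding discussion is about whether NET_ACCESS applies uniformly to all IP-based transports, the text should say so explicitly and state how this privilege relates to PRIV_NET_RAWACCESS and PRIV_NET_ICMPACCESS, so that a reader can tell which privileges to remove to deny network use.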


>If we uniformly apply NET_ACCESS for all IP based transports then there 
>is a single privilege that needs to be removed to ensure that IP 
>networking can not be used.

Requiring multiple privileges for a specific operation runs against the 
grain of the Solaris privilege implementation.


Casper
