Casper.Dik at Sun.COM wrote:
>
>> But it makes the description of NET_ACCESS much more complicated; not
>> only do we have PRIV_NET_RAWACCESS but also PRIV_NET_ICMPACCESS.
>
> I'm not sure that this is more complicated by any stretch of imagination.
>
> + PRIV_NET_ACCESS
> + Allows a process to open an unprivileged network connection.

You're kidding, right?
You have a circular definition with a negation in it. Hence self-conflicting.

For example. Since one requires PRIV_NET_ACCESS to open a TCP socket, that makes a TCP socket a privileged network connection. Hence by the above description a TCP socket doesn't require PRIV_NET_ACCESS.

>> If we uniformly apply NET_ACCESS for all IP based transports then there
>> is a single privilege that needs to be removed to ensure that IP
>> networking can not be used.
>
> Requiring multiple privileges for a specific operation runs against the
> grain of the Solaris privilege implementation.

Is it just about "implementation", or something more fundamental?

It sounded from the case that you wanted to provide a single privilege that could be removed to prevent opening any INET/INET6 socket. But you are not providing that since the user would also have to make sure PRIV_NET_*ACCESS is removed.

If we really can't have an umbrella PRIV_NET_ACCESS apply to all INET* endpoints, then it would make more sense to introduce finer grain ones like PRIV_NET_{TCP,UDP,SCTP}ACCESS which follows the pattern of the RAW and ICMP ones.

Erik