On Dec 31, 2009, at 6:33 AM, Casper.Dik at sun.com wrote:

>
>
>> I'm starting to think a derail might be in order, but I'd like to know
>> how the other members feel.  I'm neither the foremost security nor the
>> foremost networking member of PSARC, so I'll just defer to the
>> decision(s) made by those individuals.
>
> I still haven't seen any application which uses inet sockets and which
> isn't a system tool; even the X server can work without tcp sockets.

There are many that do this, but I'm uncertain what would not be a  
system tool.

Among them are vnc (often used with localhost) and tunneled X and  
other ports with ssh.

But I think this is all irrelevant. Cutting out the ability to open  
sockets is like cutting out other basic privileges, such as opening  
files or forking. To do it, you must have detailed information about  
the design of the program you're affecting.

Without the source code, you might get away with some hacks, like  
using privilege debug to find "all" of the needed flags, but doing it  
right means knowing the code. As those are the only safe users, I see  
no problem allowing them to remove unused OS features at run time.

For all others, a simple "removing privileges set by the original  
designer may have unpredictable consequences" warning seems sufficient  
to me.
  
