Darren J Moffat wrote: > Nicolas Williams wrote: >> A note: >> >> Much Solaris functionality depends on IPC being available, >> particularly doors IPC, so any new basic privileges whose absence >> from E might break things should be considered one of the "unsafe" >> privileges (unsafe to not have in L, but in this case not safe to not >> have in E). >> >> A question: >> >> What applications would drop these basic privileges? > > any application that should never do any networking, believe it or not > there are some :-) We even have some customers who have understood > basic privileges well enough to request this!
But you have to remember, the network is the computer. And vice versa. What about naming services? Depending on the naming setup, it is entirely possible that library calls will need to make network connections under the hood. Even with nscd running, it may still require this. A distinction would have to be made between arbitrary network connections and one to the naming server. -- blu Rose are #FF0000, Violets are #0000FF. All my base are belong to you. ---------------------------------------------------------------------- Brian Utterback - OP/N1 RPE, Sun Microsystems, Inc. Ph:877-259-7345, Em:brian.utterback-at-ess-you-enn-dot-kom
