Re: Security patch for /proc

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Thu, 2 Apr 1998 18:29:12 +0100 (BST)


On Tue, 31 Mar 1998, Alan Cox wrote:

> > Others are not that nasty, but still nasty:
> > - bind(): the lower ports are reserved to root, so another box may trust
> > that a connection is coming from a system program, and not a
> > user process.
>
> You resolve that with capabilities as and when they are added. The network
> side of checking for a 'can bind' 'can't bind' rule is easy.

Yes, I've been thinking that the "UNIX way" of allowing every user the
privilege to bind() by default is annoying. It would be nice to make this
a capability, which users just happen to have by default.

Chris
