On Wed, 31 Jan 2007 17:37:07 -0500
Thor Lancelot Simon <tls@rek.tjls.com> wrote:

> On Wed, Jan 31, 2007 at 01:05:40PM -0600, David Young wrote:
> > 
> > The rule "only root can create a raw socket, PF_ROUTE and
> > PF_BLUETOOTH sockets excepted" is a blunt instrument for enforcing
> > a policy on what packets a program can send and receive.
> 
> I don't agree.  I believe it's the correct policy, to prohibit non-
> superuser programs on multiuser systems from sending arbitrary network
> packets behind the stack's back; that we have no appropriate socket
> interfaces to many common protocols we do wish to let nonprivileged
> programs use is the real problem.
> 
I think this is the real problem: we have insufficient granularity of
privilege on socket operations.  It would be very nice to find a clean
way of handling arbitary Unix-type permissions.  (I'd suggest netfs,
but someone would take me too seriously.)



		--Steve Bellovin, http://www.cs.columbia.edu/~smb