On Wed, Jan 31, 2007 at 01:05:40PM -0600, David Young wrote:
> On Wed, Jan 31, 2007 at 10:29:55AM +0000, Iain Hibbert wrote:
> > On Tue, 30 Jan 2007, David Young wrote:
> > 
> > > On Wed, Jan 31, 2007 at 01:28:26AM +0100, Joerg Sonnenberger wrote:
> > > > 3. Make the check honour the domain of the socket?
> > >
> > > ISTR I had to do that for PF_ROUTE.
> > 
> > Yeah, I saw that hardcoded exception..
> 
> I think the 4.4BSD model may as well get another hard-coded exception.

Or the restriction could be removed from the 4.4BSD model completely and
instead, every protocol should provide a listener to allow/deny opening of
raw sockets (or any other sockets). It is the protocol who knows the
security implications of its raw sockets.

Pavel