Subject: Re: KAUTH_REQ_NETWORK_SOCKET_OPEN
To: None <tech-kern@netbsd.org>
From: David Young <dyoung@pobox.com>
List: tech-kern
Date: 01/31/2007 17:08:43

On Wed, Jan 31, 2007 at 05:37:07PM -0500, Thor Lancelot Simon wrote:
> On Wed, Jan 31, 2007 at 01:05:40PM -0600, David Young wrote:
> > 
> > The rule "only root can create a raw socket, PF_ROUTE and PF_BLUETOOTH
> > sockets excepted" is a blunt instrument for enforcing a policy on
> > what packets a program can send and receive.
> 
> I don't agree.  I believe it's the correct policy, to prohibit non-
> superuser programs on multiuser systems from sending arbitrary network
> packets behind the stack's back; that we have no appropriate socket
> interfaces to many common protocols we do wish to let nonprivileged
> programs use is the real problem.

Based on what you just wrote, I think you do agree: it is a blunt
instrument for policy enforcement. :-)

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933