On Wed, 31 Jan 2007 23:50:55 +0100
Pavel Cahyna <pavel@NetBSD.org> wrote:

> On Wed, Jan 31, 2007 at 01:05:40PM -0600, David Young wrote:
> > On Wed, Jan 31, 2007 at 10:29:55AM +0000, Iain Hibbert wrote:
> > > On Tue, 30 Jan 2007, David Young wrote:
> > > 
> > > > On Wed, Jan 31, 2007 at 01:28:26AM +0100, Joerg Sonnenberger
> > > > wrote:
> > > > > 3. Make the check honour the domain of the socket?
> > > >
> > > > ISTR I had to do that for PF_ROUTE.
> > > 
> > > Yeah, I saw that hardcoded exception..
> > 
> > I think the 4.4BSD model may as well get another hard-coded
> > exception.
> 
> Or the restriction could be removed from the 4.4BSD model completely
> and instead, every protocol should provide a listener to allow/deny
> opening of raw sockets (or any other sockets). It is the protocol who
> knows the security implications of its raw sockets.
> 
Right -- that's a decent mechanism.  But how is the policy
instantiated? 



		--Steve Bellovin, http://www.cs.columbia.edu/~smb