Subject: Re: KAUTH_REQ_NETWORK_SOCKET_OPEN
To: None <tls@rek.tjls.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-kern
Date: 01/31/2007 22:50:01
On Wed, 31 Jan 2007 17:37:07 -0500
Thor Lancelot Simon <tls@rek.tjls.com> wrote:

> On Wed, Jan 31, 2007 at 01:05:40PM -0600, David Young wrote:
> > 
> > The rule "only root can create a raw socket, PF_ROUTE and
> > PF_BLUETOOTH sockets excepted" is a blunt instrument for enforcing
> > a policy on what packets a program can send and receive.
> 
> I don't agree.  I believe it's the correct policy, to prohibit non-
> superuser programs on multiuser systems from sending arbitrary network
> packets behind the stack's back; that we have no appropriate socket
> interfaces to many common protocols we do wish to let nonprivileged
> programs use is the real problem.
> 
I think this is the real problem: we have insufficient granularity of
privilege on socket operations.  It would be very nice to find a clean
way of handling arbitrary Unix-type permissions.  (I'd suggest netfs,
but someone would take me too seriously.)



		--Steve Bellovin, http://www.cs.columbia.edu/~smb