[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20100319.145336.226782717.davem@davemloft.net>
Date: Fri, 19 Mar 2010 14:53:36 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: andi@...stfloor.org
Cc: cl@...ux-foundation.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: Add PGM protocol support to the IP stack
From: Andi Kleen <andi@...stfloor.org>
Date: Fri, 19 Mar 2010 18:18:36 +0100
> Christoph Lameter <cl@...ux-foundation.org> writes:
>>
>> I know about the openpgm implementation. Openpbm does this at the user
>> level and requires linking to a library. It is essentially a communication
>> protocol done in user space. It has privilege issues because it has to
>> create PGM packets via a raw socket.
>
> That seems like a poor reason alone to put something into the kernel
> Perhaps you rather need some way to have unpriviledged raw sockets?
>
> The classical way to do this is to start suid root, only open
> the socket and then drop privileges.
I completely agree.
We should be able to make a way for unprivileged users to
use RAW sockets in some limited capacity, for cases like this.
But I also don't consider what openpbm has to do right now to
be all that much of a restriction. You need privileges to
add the protocol to the kernel, you need privileges to run
the userspace variant, there is no real difference.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists