[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1398355320.7767.175.camel@deadeye.wl.decadent.org.uk>
Date: Thu, 24 Apr 2014 17:02:00 +0100
From: Ben Hutchings <ben@...adent.org.uk>
To: Hannes Frederic Sowa <hannes@...essinduktion.org>
Cc: Florian Westphal <fw@...len.de>, netdev <netdev@...r.kernel.org>,
Vasiliy Kulikov <segoon@...nwall.com>
Subject: Re: [RFC][PATCH] IP: Make ping sockets optional
On Thu, 2014-04-24 at 17:17 +0200, Hannes Frederic Sowa wrote:
> On Wed, Apr 23, 2014 at 06:27:12PM +0200, Florian Westphal wrote:
> > Ben Hutchings <ben@...adent.org.uk> wrote:
> > > Userspace can't assume it now because access is controlled by a sysctl.
> > >
> > > I think it is for distributions to choose whether to enable this feature
> > > in ping and the kernel.
> >
> > I am not (yet) buying this argument.
> >
> > Saying 'you need to change sysctl foo for this to work' in a program manpage
> > is a lot different than 'you need to recompile the kernel'.
>
> Maybe we can make the Kconfig option depend on CONFIG_EMBEDDED so that we can
> be sure people don't have man-pages on the device. ;)
>
> Seriously, I think doing authorization check based on gids in a sysctl is
> wrong.
It is quite weird but perhaps made sense in the context of some embedded
systems.
> Switching over to capabilities seems to make this interface much
> more useable to me. But we would need to make sure, that we don't suddenly
> allow people to use those sockets where it was restricted previously.
Standard ping could already be implemented as setcap (CAP_NET_RAW). You
want a capability just for ping?
Ben.
--
Ben Hutchings
Beware of programmers who carry screwdrivers. - Leonard Brandwein
Download attachment "signature.asc" of type "application/pgp-signature" (812 bytes)
Powered by blists - more mailing lists