Re: [Linux Diffserv] Need to be root to setsockopt() for EF?

netdev

Re: [Linux Diffserv] Need to be root to setsockopt() for EF?

To:	pekkas@xxxxxxxxxx (Pekka Savola)
Subject:	Re: [Linux Diffserv] Need to be root to setsockopt() for EF?
From:	Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>
Date:	Sun, 7 Oct 2001 23:49:35 +0400 (MSD)
Cc:	netdev@xxxxxxxxxxx
In-reply-to:	<Pine.LNX.4.33.0110050814520.492-100000@netcore.fi> from "Pekka Savola" at Oct 5, 1 09:45:00 am
Sender:	owner-netdev@xxxxxxxxxxx

Hello!

> A part of DSCP field was previously Precedence.
> 
> Linux has required that in order to use 'Critical' or higher Precedence,
> one must have CAP_NET_ADMIN capability, in most cases, root.
> 
> I'm not one to say whether this restriction should be removed.  Perhaps.

Not removed, but made _stronger_.

Essentially, allowing user to set an arbitrary DSCP is an evidence of security
hole and subject of CAP_NET_RAW or ADMIN. Actually, one of considered
variants was to allow to set by default only three values: 0 and those
which used to correspong low-delay and high-throghput.

Alexey

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Linux Diffserv] Need to be root to setsockopt() for EF?, Craig Rodrigues Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Pekka Savola Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Alexey Kuznetsov <= Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Craig Rodrigues Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, jamal

Previous by Date:	NMI Watchdog detected LOCKUP on CPU1, Martin Josefsson
Next by Date:	Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Craig Rodrigues
Previous by Thread:	Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Pekka Savola
Next by Thread:	Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Craig Rodrigues
Indexes:	[Date] [Thread] [Top] [All Lists]