On Thu, 17 Jul 2003 kuznet@xxxxxxxxxxxxx wrote:
> Wait a second. What the hell is this in anycast.c? How is it possible
> to allow to any user to create reserved anycast?
> This makes them completely useless, everyone on LAN can join
> anycast service and blackhole it, which will prevent listening by real
> servers.
>
> This cannot be right. I think the logic is illegally stolen
> from multicast interface: only superuser calls can create/delete anycasts.
> Non-superuser can only listen existing one.
>
> I would block JOIN/LEAVE for non-superuser completely.
No user should be able to join anycast group, IMHO.
(Of course, that hasn't been specifed anywhere, but the implementations
should do what they think is best -- and I certainly think this is.)
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
|