| To: | pekkas@xxxxxxxxxx (Pekka Savola) |
|---|---|
| Subject: | Re: [Linux Diffserv] Need to be root to setsockopt() for EF? |
| From: | Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx> |
| Date: | Sun, 7 Oct 2001 23:49:35 +0400 (MSD) |
| Cc: | netdev@xxxxxxxxxxx |
| In-reply-to: | <Pine.LNX.4.33.0110050814520.492-100000@xxxxxxxxxx> from "Pekka Savola" at Oct 5, 1 09:45:00 am |
| Sender: | owner-netdev@xxxxxxxxxxx |
Hello! > A part of DSCP field was previously Precedence. > > Linux has required that in order to use 'Critical' or higher Precedence, > one must have CAP_NET_ADMIN capability, in most cases, root. > > I'm not one to say whether this restriction should be removed. Perhaps. Not removed, but made _stronger_. Essentially, allowing user to set an arbitrary DSCP is an evidence of security hole and subject of CAP_NET_RAW or ADMIN. Actually, one of considered variants was to allow to set by default only three values: 0 and those which used to correspong low-delay and high-throghput. Alexey |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | NMI Watchdog detected LOCKUP on CPU1, Martin Josefsson |
|---|---|
| Next by Date: | Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Craig Rodrigues |
| Previous by Thread: | Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Pekka Savola |
| Next by Thread: | Re: [Linux Diffserv] Need to be root to setsockopt() for EF?, Craig Rodrigues |
| Indexes: | [Date] [Thread] [Top] [All Lists] |