On 10/27/06, Hagen Paul Pfeifer <[EMAIL PROTECTED]> wrote:
Check if user has CAP_NET_ADMIN capability to change congestion control algorithm. Under normal circumstances a application programmer doesn't have enough information to choose the "right" algorithm (expect he is the pchar/pathchar maintainer). At 99.9% only the local host administrator has the knowledge to select a proper standard, system-wide algorithm (the remaining 0.1% are for testing purpose). If we let the user select an alternative algorithm we introduce one potential weak spot - so we ban this eventuality.
I don't agree with this at all. I would love Firefox, BitTorrent etc to implement usage of TCP-LP for example so they use "unused" bandwidth only. With this change applications can't do this. If we are going to restrict by capabilities then I think we should only restrict module loading - this way the admin of the box can decide what algorithms can be used. Ian -- Ian McDonald Web: http://wand.net.nz/~iam4 Blog: http://imcdnzl.blogspot.com WAND Network Research Group Department of Computer Science University of Waikato New Zealand - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html