From: KOVACS Krisztian <[EMAIL PROTECTED]>
Date: Tue, 6 Feb 2007 15:36:18 +0100

> Neither of these require IP_FREEBIND as core functionality, and will
> probably work if IP_FREEBIND would be bound to CAP_NET_ADMIN.
>
> So the question is: shall we take the IP_FREEBIND approach, this would
> change a hardly ever used interface by requiring CAP_NET_ADMIN
> capabilities, or we should try finding all the scattered places in the
> Linux IP stack which does a route lookup?

We're not going to remove functionality from the user for the sake of convenience of something you are trying to write. If it was some security hole, then fine, but it's not so it can stay and it does have legitimate uses.

This freebind behavior should actually be the default, but we had to put the socket option and sysctl there because allowing freebind by default makes several test suites fail that try to purposely bind to a non-local address and expect an error return.

It allows servers to bind when your on-demand connection is down.