On 2012-06-07 12:29, Dave McGuire wrote:
On 06/07/2012 06:24 AM, Mark Benson wrote:
So we agree security is a storm in an espresso cup.
Well put. :)
If you farm it out to a low cost dedicated device it's not costing you
CPU cycles on your work computer.
MAC address spoofing gets around the issue of source MAC address from
a DECnet stack.
pcap gets around finding incoming packets that are fror your DECnet stack.
What issues remain that stop you using a non-kernel solution?
My only concern now is if the stack has to run as root how do
non-privileged ysers use it?
Howabout starting it as a daemon (running as root) via the boot
scripts, and have non-root users's programs access it via a socket?
Now you all got me confused again. What are you trying to do/solve here?
Are you trying to devise a way for normal users to talk raw ethernet??? Why?
Or are you just trying to figure out how a non-root user can start the bridge (or router)
program? Why would they do that? And why would this not be started at boot time? Also,
why, if you absolutely insist that normal users should start this at random time, would
not suid suffice?
Johnny