Re: ipchains: /proc/net/ip_fw* permission change

Paul Rusty Russell (Paul.Russell@rustcorp.com.au)
Mon, 18 Jan 1999 15:42:09 +1130

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: ipchains: /proc/net/ip_fw* permission change"
Previous message: Albert D. Cahalan: "Re: *** draft 3 - press release ***"
Next in thread: Alan Cox: "Re: ipchains: /proc/net/ip_fw* permission change"
Reply: Alan Cox: "Re: ipchains: /proc/net/ip_fw* permission change"

In message <m101yue-0007U1C@the-village.bc.nu> you write:
> > such a discussion would have happened, or is there an obvious reason why
> > people shouldn't be allowed to see how many packets have been processed
> > by ipchains?
>
> For accounting only minor ones, for firewalling serious ones.

I got overridden on this one. As pointed out, it was that way all
through 2.0; changing the permissions to root-readable only is of such
marginal benifit that I would not have done it in a freeze. Given
that monitoring programs now need to run as root, the net result is
probably no change in security.

Rusty.

-- .sig lost in the mail.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: ipchains: /proc/net/ip_fw* permission change"
Previous message: Albert D. Cahalan: "Re: *** draft 3 - press release ***"
Next in thread: Alan Cox: "Re: ipchains: /proc/net/ip_fw* permission change"
Reply: Alan Cox: "Re: ipchains: /proc/net/ip_fw* permission change"