From: David Miller <davem@davemloft.net>
To: ian.mcdonald@jandi.co.nz
Cc: hagen@jauu.net, jheffner@psc.edu, shemminger@osdl.org,
netdev@vger.kernel.org
Subject: Re: [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm
Date: Thu, 26 Oct 2006 17:07:32 -0700 (PDT) [thread overview]
Message-ID: <20061026.170732.26277153.davem@davemloft.net> (raw)
In-Reply-To: <5640c7e00610261659g5816942ndaf4e09eb8110c9e@mail.gmail.com>
From: "Ian McDonald" <ian.mcdonald@jandi.co.nz>
Date: Fri, 27 Oct 2006 12:59:30 +1300
> I don't agree with this at all. I would love Firefox, BitTorrent etc
> to implement usage of TCP-LP for example so they use "unused"
> bandwidth only.
>
> With this change applications can't do this.
>
> If we are going to restrict by capabilities then I think we should
> only restrict module loading - this way the admin of the box can
> decide what algorithms can be used.
You are using an example of a (supposedly) safe case of this
as a justification for allowing all cases.
It is bad, very bad, to allow arbitrary users to select arbitrary
congestion control algorithms. It is just as bad as allowing them to
disable congestion control completely if that were an option.
If someone, for example, builds all the algorithms statically into
their kernel, for testing as root, this lets all users on the machine
do the same which is not right.
next prev parent reply other threads:[~2006-10-27 0:07 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-25 18:08 [RFC] tcp: setsockopt congestion control autoload Stephen Hemminger
2006-10-25 23:21 ` Patrick McHardy
2006-10-26 5:22 ` Evgeniy Polyakov
2006-10-26 14:34 ` Stephen Hemminger
2006-10-26 14:57 ` Evgeniy Polyakov
2006-10-26 15:23 ` Stephen Hemminger
2006-10-26 17:05 ` Patrick McHardy
2006-10-26 20:55 ` David Miller
2006-10-26 17:29 ` John Heffner
2006-10-26 20:57 ` David Miller
2006-10-26 22:44 ` Hagen Paul Pfeifer
2006-10-26 22:53 ` John Heffner
2006-10-26 23:52 ` [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm Hagen Paul Pfeifer
2006-10-26 23:59 ` Ian McDonald
2006-10-27 0:07 ` David Miller [this message]
2006-10-27 0:20 ` Ian McDonald
2006-10-27 0:02 ` David Miller
2006-10-27 10:43 ` Hagen Paul Pfeifer
2006-10-27 14:41 ` Stephen Hemminger
2006-10-27 15:21 ` Hagen Paul Pfeifer
2006-10-27 15:48 ` Stephen Hemminger
2006-10-27 17:30 ` [PATCH] tcp: don't allow unfair congestion control to be built without warning Stephen Hemminger
2006-10-27 17:43 ` John Heffner
2006-10-27 17:59 ` [PATCH] tcp: allow restricting congestion control choices Stephen Hemminger
2006-10-27 21:17 ` [PATCH] tcp: don't allow unfair congestion control to be built without warning David Miller
2006-10-27 21:24 ` Stephen Hemminger
2006-10-27 21:37 ` David Miller
2006-10-27 21:59 ` Stephen Hemminger
2006-10-27 22:12 ` David Miller
2006-10-27 22:21 ` Stephen Hemminger
2006-10-27 22:24 ` David Miller
2006-10-28 0:48 ` Stephen Hemminger
2006-10-28 3:10 ` [RFC] tcp: available congetsion control Stephen Hemminger
2006-10-27 21:22 ` [PATCH] Check if user has CAP_NET_ADMIN to change congestion control algorithm David Miller
2006-10-27 1:03 ` Stephen Hemminger
2006-10-27 18:14 ` [PATCH] tcp: setsockopt congestion control autoload Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061026.170732.26277153.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=hagen@jauu.net \
--cc=ian.mcdonald@jandi.co.nz \
--cc=jheffner@psc.edu \
--cc=netdev@vger.kernel.org \
--cc=shemminger@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).