And behold, the IEEE gods gave us 802.1AE. #MACsechttps://twitter.com/RichFelker/status/1009870219333062658 …
In doing so, you're throwing out all privilege boundaries within that host or between other hosts it might forward/nat traffic for, and treating them all as one big trusted blob.
-
-
Some of these boundaries can be recreated with fancy iptables rules controlling which processes can make connections on which ports, but that's a sloppy, fragile replacement for process memory space isolation, filesystem permissions, etc.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.