Remove inetutils from LFS [was Re: GCC-4.0.1]

Jason Gurtz jason at tommyk.com
Mon Aug 22 10:33:37 PDT 2005


On 8/22/2005 13:16, Bruce Dubbs wrote:
> I think it would be a much greater security problem if sending icmp or
> opening raw sockets by non-root users was allowed.

Certainly raw sockets would be a huge risk, but I don't see how echo_reply
at a 1 per second rate or something is a problem.  I guess a non-root user
could flood a host just as easily with some standard TCP packet--HTTP GET
for example by forking wget?  Seems like it would be a better idea to just
(uh oh, there's that word "just" ;)  have a limited per user heap of
available network connections.  Hey, wouldn't it be cool if root could
arbitrate how many of each type (TCP, UDP, ICMP) of connection each
user/group had in each of its instance's heap.

Maybe it is better after all in an suid program (well audited as you say
:).  It does keep code bloat down in the kernel at least; simpler anyway.

~Jason
