Remove inetutils from LFS [was Re: GCC-4.0.1]

Zachary Kotlarek profplump at engineer.com
Mon Aug 22 12:03:06 PDT 2005


On Aug 22, 2005, at 12:33 PM, Jason Gurtz wrote:

> Certainly raw sockets would be a huge risk, but I don't see how  
> echo_reply
> at a 1 per second rate or something is a problem.

Except you'd have to add a kernel interface just to send ICMP echo  
requests, along with whatever options you want to allow non-root  
users to specify. IMHO that is at least as crazy as a setuid program  
with the same purpose.

Even a general interface to send ICMP packets  is much too dangerous  
-- send out a few HOST UNREACHABLEs with the local router's address  
and you'll knock the whole subnet offline. That's one of the reasons  
there's not an interface to create ICMP packets in the first place,  
for root or anyone else.

     Zach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1664 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-dev/attachments/20050822/4be94b57/attachment.bin>


More information about the lfs-dev mailing list