Remove inetutils from LFS [was Re: GCC-4.0.1]

Archaic archaic at linuxfromscratch.org
Mon Aug 22 18:22:32 PDT 2005


On Mon, Aug 22, 2005 at 01:33:37PM -0400, Jason Gurtz wrote:
> 
> Certainly raw sockets would be a huge risk, but I don't see how echo_reply
> at a 1 per second rate or something is a problem.  I guess a non-root user
> could flood a host just as easily with some standard TCP packet--HTTP GET
> for example by forking wget?  Seems like it would be a better idea to just
> (uh oh, there's that word "just" ;)  have a limited per user heap of
> available network connections.  Hey, wouldn't it be cool if root could
> arbitrate how many of each type (TCP, UDP, ICMP) of connection each
> user/group had in each of its instance's heap.

There is. It's called iptables.

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs
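
The per-user, per-protocol arbitration discussed above, sketched with iptables as an added example (not part of the original message and not from the LFS or HLFS projects). It approximates "how many connections" with a rate of new connections per UID, using the owner and limit matches; the UID, the chain name ULIMIT_<uid> and the rates are constructed sample values.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules that give one local UID
# its own budget per protocol. Review the output, then run it as root.
# The chain name ULIMIT_<uid> and all rates are constructed for illustration.
# Caveat: the owner match keys on the socket's credentials, so a setuid-root
# ping that opens its socket before dropping privileges counts as UID 0.

valid_rate() {  # accept the N/unit form used by the limit match
    printf '%s\n' "$1" | grep -Eq '^[1-9][0-9]*/(second|minute|hour|day)$'
}

# emit_user_limits UID TCP_RATE UDP_RATE ICMP_RATE
emit_user_limits() {
    uid=$1 tcp=$2 udp=$3 icmp=$4
    case $uid in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    for r in "$tcp" "$udp" "$icmp"; do
        valid_rate "$r" || { echo "bad rate: $r" >&2; return 1; }
    done
    c="ULIMIT_$uid"

    echo "iptables -N $c"
    # Only locally generated packets carry an owner, hence the OUTPUT chain.
    echo "iptables -A OUTPUT -m owner --uid-owner $uid -j $c"

    # Echo requests first: conntrack marks a ping stream ESTABLISHED after the
    # first reply, so the state shortcut below would let it bypass the budget.
    echo "iptables -A $c -p icmp --icmp-type echo-request -m limit --limit $icmp --limit-burst 1 -j RETURN"
    echo "iptables -A $c -p icmp --icmp-type echo-request -j DROP"

    # Packets of flows that already passed the budget are not counted again.
    echo "iptables -A $c -m state --state ESTABLISHED,RELATED -j RETURN"

    # New TCP connections (SYN) and new UDP flows, each with its own rate.
    echo "iptables -A $c -p tcp --syn -m limit --limit $tcp -j RETURN"
    echo "iptables -A $c -p tcp --syn -j DROP"
    echo "iptables -A $c -p udp -m state --state NEW -m limit --limit $udp -j RETURN"
    echo "iptables -A $c -p udp -m state --state NEW -j DROP"
}
```

Calling `emit_user_limits 1000 10/second 20/second 1/second` prints nine rules for UID 1000; each `limit` rule is its own token bucket, so one chain per user keeps the budgets separate.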



