Remove inetutils from LFS [was Re: GCC-4.0.1]
archaic at linuxfromscratch.org
Mon Aug 22 18:22:32 PDT 2005
On Mon, Aug 22, 2005 at 01:33:37PM -0400, Jason Gurtz wrote:
> Certainly raw sockets would be a huge risk, but I don't see how echo_reply
> at a 1 per second rate or something is a problem. I guess a non-root user
> could flood a host just as easily with some standard TCP packet--HTTP GET
> for example by forking wget? Seems like it would be a better idea to just
> (uh oh, there's that word "just" ;) have a limited per user heap of
> available network connections. Hey, wouldn't it be cool if root could
> arbitrate how many of each type (TCP, UDP, ICMP) of connection each
> user/group had in each of its instance's heap.
There is. It's called iptables.
Want control, education, and security from your operating system?
Hardened Linux From Scratch
More information about the lfs-dev