Remove inetutils from LFS [was Re: GCC-4.0.1]
jason at tommyk.com
Mon Aug 22 10:33:37 PDT 2005

On 8/22/2005 13:16, Bruce Dubbs wrote:
> I think it would be a much greater security problem if sending icmp or
> opening raw sockets by non-root users was allowed.

Certainly raw sockets would be a huge risk, but I don't see how echo_reply
at a 1 per second rate or something is a problem. I guess a non-root user
could flood a host just as easily with some standard TCP packet--HTTP GET
for example by forking wget? Seems like it would be a better idea to just
(uh oh, there's that word "just" ;) have a limited per user heap of
available network connections. Hey, wouldn't it be cool if root could
arbitrate how many of each type (TCP, UDP, ICMP) of connection each
user/group had in each of its instance's heap.

Maybe it is better after all in an suid program (well audited as you say
:). It does keep code bloat down in the kernel at least; simpler anyway.