Paul Rogers wrote: > I don't recall the book saying anything about it, possibly runlevel > 3 is so typical it has never come up, but as I mentioned a week ago > or so, I think there would be an advantage to building LFS within > runlevel 2--where there's no network running, no chance of some > external attack on a vulnerable system midstream. It's easier than > "pulling the plug." Last night I discovered the perl tests really > don't like that! Some want to ping localhost, etc. I suppose it's > legitimate to expect the host to provide a protected environment, > but that newly minted LFS system really shouldn't be connected to > a network until it's "armored-up".
I understand your concern, but "armored-up" is really not necessary. In order to make any type of connection to the new system, a process must be listening to a port. There are no such processes in lfs. The ping of localhost is not technically a TCP/IP process. It never goes "on the wire". After boot, the telnet, ftp, and some other clients are available, but we specifically --disable-servers in inetutils. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
