Ludo wrote:
Hi all,
I'm trying to run a halted Debian firewall, as described in
http://www.samag.com/documents/s=1824/sam0201d/0201d.htm .
I've just read that article and I'm not entirely convinced of
the theoretical security implications stated, in particular,
what does the author mean by "having removed all process space"?
My understanding (which might be wrong) was that once the kernel
launches the INIT task, the whole runlevel and boot/shutdown
stuff is a user space thing.
The obvious security improvement in a practical setting would be
that there are no drives mounted, which is something your garden
variety attacker does not expect (not at the time, at the very
least). However, I see no theoretical reason why an attacker,
before running the only too well known shell code, should not be
able to sneak in a mount system call. Should it not even be
theoretically possible to re-run the INIT task and reboot the
operating system without restarting the system kernel?
Best regards,
Alexander