halted firewalls...
Stoilis Giannis
stoilis at sadness.gr
Sun Feb 10 20:39:01 EET 2002
to parakatw ar8ro polu mou arese, parmeno apo to linuxtoday:
http://www.samag.com/documents/s=1824/sam0201d/0201d.htm
[snip]
This feature allowed you to run shutdown -h (halt) on the machine, and the
firewall would remain active but with no drives mounted and no processes
running. That is, the firewall would be in run level 0, but still be
filtering packets.
[snip]
I realized the security implications of such a possibility. Assuming that the
firewall could be cleanly shut down, having removed all process space and
file systems, there would be no way for any attacker to gain access to the
system. This is because there is a complete lack of process space, and there
are no drives mounted. Thus, an attacker could not run code on the system
outside of code that he or she could directly introduce into kernel space.
More information about the Linux-greek-users
mailing list