halted firewalls...

Stoilis Giannis stoilis at sadness.gr
Sun Feb 10 20:39:01 EET 2002


I really liked the article below, taken from linuxtoday:

http://www.samag.com/documents/s=1824/sam0201d/0201d.htm

[snip]
This feature allowed you to run shutdown -h (halt) on the machine, and the 
firewall would remain active but with no drives mounted and no processes 
running. That is, the firewall would be in run level 0, but still be 
filtering packets.
[snip]
I realized the security implications of such a possibility. Assuming that the 
firewall could be cleanly shut down, having removed all process space and 
file systems, there would be no way for any attacker to gain access to the 
system. This is because there is a complete lack of process space, and there 
are no drives mounted. Thus, an attacker could not run code on the system 
outside of code that he or she could directly introduce into kernel space.


