Re: Giving shutdown rights to somebody

From: Mark Damrose (mdamrose@elgin.cc.il.us)
Date: 04/09/02 

From: "Mark Damrose" <mdamrose@elgin.cc.il.us>
Date: Mon, 8 Apr 2002 19:15:26 -0500

"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
news:POW1PV0WG.-nHiATlE@blackhole.mit.edu...
> < Lee Sau Dan
> >Watch out! My experience is that the Linux kernel still responds to
> >pings even after a shutdown (after the kernel message "System halted"
> >is shown on the kernel). At least, I've consistently got this
> >behaviour with 2.2 kernels, 3Com 3c509 and 3c59x cards.
>
> Really? I had known I can scroll with [Shift] + [Page Up/Down] key
> after shutdown. I was guessing /usr/lib/crt1.o. But I don't know that.
> Drivers are still running? I'm wondering if firewall drop ping or
> `echo 1 /proc/sys/net/ipv4/icmp_echo_ignore_all`, how it behave after
> shutdown.
>

I've forgotten the link, and I don't have the time to search for it right
now, but I saw an article about creating a hardened firewall a while back.
Basically what it said was that the kernel keeps running - even after the
machine had been shut down. The author removed the network down from the
shutdown procedure, so the machine kept running iptables and routing after
all other processes had stopped, and the disks were umounted.

> --
> Regards, RainbowHat. To spoof or not to spoof, that is the packet.
> ----+----1----+----2----+----3----+----4----+----5----+----6----+----7
>

Relevant Pages

  • Re: possible compromise or just misreading logs
    ... >> spoof them for, at a minimum, the tripwire binary ... > and its database ... Of course, once somebody modifies your kernel, you ... Do you Yahoo!? ...
    (FreeBSD-Security)
  • Re: protecting process (id)
    ... Your parents gave you a strange name. ... What do you mean with protect or spoof? ... kernel assigns process IDs consecutively. ...
    (comp.unix.bsd.freebsd.misc)