Re: Giving shutdown rights to somebody

From: RainbowHat (nHiATlE@blSackholeP.mAit.edMu.invalid)
Date: 04/09/02


From: RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid>
Date: Tue, 9 Apr 2002 09:45:07 +0000 (UTC)


< Mark Damrose
>"RainbowHat" <nHiATlE@blSackholeP.mAit.edMu.invalid> wrote in message
>news:POW1PV0WG.-nHiATlE@blackhole.mit.edu...
>> < Lee Sau Dan
>> >Watch out! My experience is that the Linux kernel still responds to
>> >pings even after a shutdown (after the kernel message "System halted"
>> >is shown on the kernel). At least, I've consistently got this
>> >behaviour with 2.2 kernels, 3Com 3c509 and 3c59x cards.
>>
>> Really? I had known I can scroll with [Shift] + [Page Up/Down] key
>> after shutdown. I was guessing /usr/lib/crt1.o. But I don't know that.
>> Drivers are still running? I'm wondering if firewall drop ping or
>> `echo 1 /proc/sys/net/ipv4/icmp_echo_ignore_all`, how it behave after
>> shutdown.
>
>I've forgotten the link, and I don't have the time to search for it right
>now, but I saw an article about creating a hardened firewall a while back.
>Basically what it said was that the kernel keeps running - even after the
>machine had been shut down. The author removed the network down from the
>shutdown procedure, so the machine kept running iptables and routing after
>all other processes had stopped, and the disks were umounted.

Again Really?! Dose this mean a specialized Linux router box is still
working to route static even it had been shutdown? Very interesting.
At security viewpoint, this mean backdoor of kernel space modules can
communicate to attacker after shutdown. And this activity don't log
because user space daemons stopped and the disks were unmounted. One
of my PC that SMP CPU box can't poweroff itself.

-- 
Regards, RainbowHat. To spoof or not to spoof, that is the packet.
----+----1----+----2----+----3----+----4----+----5----+----6----+----7



Relevant Pages

  • Re: [opensuse] Re: reboot/shutdown occasionally fail
    ... When the OS receives a shutdown or reboot request, NOTHING short of a serious hardware failure should prevent it, IMHO. ... A shutdown or reboot request may have been initiated in response to an emergency, therefore the Linux kernel must absolutely honor the request and force the shutdown or reboot to take place, regardless of any protests/failure from some darn app or process! ...
    (SuSE)
  • Re: Problem: Kernel Panic/Oops on shutdown with 2.6.9 and Dell Optiplex SX280
    ... I've applied your patch and thankfully the bug was triggered on the ... > It's interesting that this only happens during shutdown: ... Dec 2 17:03:22 kermit kernel: path: `' ... Dec 2 17:03:22 kermit kernel: device eth0 left promiscuous mode ...
    (Linux-Kernel)
  • Re: shutdown
    ... Check /var/log/messages for anything mentioning ACPI. ... debian kernel: ACPI: Interpreter disabled. ... Shutdown did work back when I was using Sarge. ... I've had problems with this with my Fedora core 5 install on one of my ...
    (Debian-User)
  • Re: Everything seems to cause a reboot
    ... assign it to a package or anything. ... When I try to shutdown, reboot, logout, switch user or Ctrl-Alt-Fn to ... try a soft shutdown event not supported by the kernel. ... strict about ACPI support ...
    (Debian-User)
  • Re: [opensuse] Re: reboot/shutdown occasionally fail
    ... When the OS receives a shutdown or reboot request, NOTHING short of a serious hardware failure should prevent it, IMHO. ... A shutdown or reboot request may have been initiated in response to an emergency, therefore the Linux kernel must absolutely honor the request and force the shutdown or reboot to take place, regardless of any protests/failure from some darn app or process! ...
    (SuSE)