Re: halted firewalls

To: debian-security@lists.debian.org
Subject: Re: halted firewalls
From: Ludo <ludo.aelbrecht@gmail.com>
Date: Sun, 25 Feb 2007 01:07:51 +0100
Message-id: <[🔎] 657943990702241607w17758b5du78859926153963e@mail.gmail.com>
In-reply-to: <[🔎] 45E0AB6E.5010409@gmx.net>
References: <[🔎] 657943990702240826n4e44a0a5v824afbb0a8a4575d@mail.gmail.com> <[🔎] 45E0AB6E.5010409@gmx.net>

On 2/24/07, Alexander Klauer <Graf.Zahl@gmx.net> wrote:

I've just read that article and I'm not entirely convinced of
the theoretical security implications stated, in particular,
what does the author mean by "having removed all process space"?


I'm actually not doing this for the improved security in ithis particular case.
As this is a home LAN, I don't have tons of room/pc's. So the gateway in this
case is just another pc, and using this idea I wouldn't have to boot this pc for
no other reason than "gatewaying". So it's mostly to avoid running the gateway,
because of the added noise, etc.

My understanding (which might be wrong) was that once the kernel
launches the INIT task, the whole runlevel and boot/shutdown
stuff is a user space thing.


What do you mean by that? Does that change the situation?

Thanks,
Ludo

Reply to:

Follow-Ups:
- Re: halted firewalls
  - From: Sam Couter <sam@couter.id.au>
- Re: halted firewalls
  - From: Holger Schletz <holger.schletz@web.de>
- Re: halted firewalls
  - From: Lothar Ketterer <superapotheker@m-air.org>
- Re: halted firewalls
  - From: Alexander Klauer <Graf.Zahl@gmx.net>
- Re: halted firewalls
  - From: Emanuele Rocca <ema@debian.org>

References:
- halted firewalls
  - From: Ludo <ludo.aelbrecht@gmail.com>
- Re: halted firewalls
  - From: Alexander Klauer <Graf.Zahl@gmx.net>

Prev by Date: Re: halted firewalls
Next by Date: Re: halted firewalls
Previous by thread: Re: halted firewalls
Next by thread: Re: halted firewalls
Index(es):
- Date
- Thread