
Re: halted firewalls

Ludo wrote:
Hi all,

I'm trying to run a halted Debian firewall, as described in
http://www.samag.com/documents/s=1824/sam0201d/0201d.htm .

I've just read that article and I'm not entirely convinced of the theoretical security implications stated. In particular, what does the author mean by "having removed all process space"?

My understanding (which might be wrong) was that once the kernel launches the INIT task, the whole runlevel and boot/shutdown stuff is a user space thing.

The obvious security improvement in a practical setting would be that there are no drives mounted, which is something your garden variety attacker does not expect (not at the time, at the very least). However, I see no theoretical reason why an attacker, before running the only too well known shell code, should not be able to sneak in a mount system call. Should it not even be theoretically possible to re-run the INIT task and reboot the operating system without restarting the system kernel?

Best regards,
