Date:      Thu, 14 Feb 2002 15:39:18 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        "PSI, Mike Smith" <mlsmith@mitre.org>
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: Kernel after halt issued
Message-ID:  <20020214153918.D36782@blossom.cjclark.org>
In-Reply-To: <3C6C0965.206509B4@mitre.org>; from mlsmith@mitre.org on Thu, Feb 14, 2002 at 02:00:53PM -0500
References:  <3C6C0965.206509B4@mitre.org>

On Thu, Feb 14, 2002 at 02:00:53PM -0500, PSI, Mike Smith wrote:
> I just heard someone say that they believed that the kernel was still
> running after a halt is issued, but just cannot (won't?) create any
> processes. So while I realize this person may not know what they are
> talking about (and am showing my own ignorance for even listening), the
> question is...
> 
> Is the kernel still running after a halt?

I don't think it will work. As a simple test, I pinged the box when it
was up. It ponged fine. I shut it down (shutdown -h now) to the

  The operating system has halted.
  Please press any key to reboot.

prompt, and pinged again. Silence. Since the ICMP responses all live in
the kernel's IP stack, I don't think there is an IP stack running.

> If it is, then there are very interesting possibilities for building in
> very specific capabilities in the kernel, then under "halt" condition
> have those capabilities available. AND NOTHING ELSE! Interesting from a
> security standpoint. Plus it would not require you to strip your system
> down to bare bones to eliminate holes. You could bring it up to a fully
> capable system at any time it was necessary.

It sounds like a bad trade to me anyway. Compare: a box in the
shutdown state, a kernel running with no userspace, to a box up and
running with absolutely no userland processes listening. In either
case, the only way someone can break the box remotely is with an
exploitable, remote vulnerability in the kernel. A DoS attack on the
kernel has identical results in either case. In both cases, the
attacker owNz yr b0>< if they find an exploitable bug. There is the
slight advantage with no userland, that the attacker may have a harder
time doing something they consider useful with the owned box and
establishing themselves so that they retain control (but neither is
impossible). The kernel-only box also has a HUGE security disadvantage
that pretty much makes it a non-starter IMHO: no logging.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
