Regarding this, one of the more unique tricks I've seen is to pretty much shut down the system but keep the kernel running. I'm not exactly sure how this is done, probably something along the lines of killing most of the running software and then convincing init to exec() a do-nothing program. I think it's even possible to run without having a filesystem mounted (though it might be nice to at least have a logger of some kind running).

Basically, at this point, no new software can be executed. However, it'd theoretically be possible for an attacker to reboot the machine, and then break in during the period between when it boots up and when it goes into the pseudo-shutdown mode. There's a remote possibility that a new kernel module could be loaded too, but that's probably stretching it quite a bit.

I'm too tired to go look for a link now, but I'm pretty sure it was mentioned on Slashdot at some point, and Google could probably help out.

-- 
"No one gets too old to learn a new way of being stupid."
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]