Shutdown Scripts (was wiser ifdown-eth0 script is needed)

Larry Lawrence larry at linuxfromscratch.org
Mon Oct 14 11:17:45 PDT 2002


DJ Lucas wrote:


> Does this break the firewall stop script or create a security
> vulnerability? Obviously the firewall has to be stopped before mountfs is
> run at 70, (before the disks are not writable), but does it need to be run
> after
> sendsignals for security reasons?  I'd think not as the network is already
> down.  But I seem to remember this being mentioned somewhere on blfs.dev
> not too long ago.
> Perhaps if one of the stop scripts failed to execute correctly, then this
> would leave a security vulnerability for a few brief seconds (1~5/100ths
> of
> a second??).  IIRC that was the jist of the discussion I had seen.
> 
> DJ Lucas

No, the firewall stop is very flexable, if its used, it will need to read a 
disk file.  It has not been determined if it's even needed (i.e. the tables 
stay in memory until power loss).  There is a sense of vulnerability on 
both sides as we bring the network up, then set the firewall and have it 
sketched in to release the firewall, then bring down the network.

Larry
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe blfs-dev' in the subject header of the message



More information about the blfs-dev mailing list