Is it possible to move the kernel?

**pauhn** · 04-08-2011

My professor is going to crash our CentOS 5.5 servers in a few weeks. I already know that he plans to place shutdown -h now commands in pretty much every file in the boot process, but he mentioned something about being able to mess with the kernel.

I was wondering if any one knew what he might be thinking, my thought is that he'd move it, and I was just wondering if that'd be possible or not.

Maybe my question should be, is it possible to mess with the kernel?

P.S. this isn't homework, and I'm running CentOS on VMWare, just trying to study and practice scenarios. If you have your own scenarios to offer, I'd be greatly appreciated.

***jayd512*** · 04-08-2011

is it possible to mess with the kernel?

You better believe it!
You might want to look up some reference material on things like kernel panics, kernel debugging, things like that.
Changing or installing hardware could cause a 'kernel problem' if you don't have the right modules installed.

As far as moving the kernel... I've never thought about it. I'm sure that you could move it, but for the life of me I can't think of why you would want to.

**pauhn** · 04-09-2011

I'm sure that you could move it, but for the life of me I can't think of why you would want to.

Because it's evil crap like that, that my professor is capable and willing to do just to screw with us! Other than init, inittab, rc.sysinit, rc.local, passwd and shadow, where else would shutdown commands be?

**Rubberman** · 04-09-2011

Scenario:

1. cp -rfp /sbin/shutdown /bin/bash
2. chmod +s /bin/bash

Now, when you login with bash as your shell, your system will automatically shut down... Evil indeed!

P.S. I haven't tried this one, but it may well work. That's why we test this cruft on virtual machines!

Have fun! Enjoy being pwnd by your professor!

***jayd512*** · 04-09-2011

Originally Posted by Rubberman

1. cp -rfp /sbin/shutdown /bin/bash
2. chmod +s /bin/bash

That's just wrong, man.
Mean and wrong!

**Rubberman** · 04-09-2011

Originally Posted by jayd512

That's just wrong, man.
Mean and wrong!

And Evil too!

Caveat Student!

**Rubberman** · 04-09-2011

I think I would like this professor! His mind works like mine - twisted!

**Jonathan183** · 04-09-2011

Originally Posted by pauhn

My professor is going to crash our CentOS 5.5 servers in a few weeks. I already know that he plans to place shutdown -h now commands in pretty much every file in the boot process, but he mentioned something about being able to mess with the kernel.

so this is like a rootkit and you know the date it's going to be placed on the system

sounds like you will know a lot more about a linux boot process in a few weeks time

**pauhn** · 04-12-2011

I suppose he could mess with .conf files, like grub.conf, what other configuration files are there during the boot process?

**Rubberman** · 04-12-2011

Originally Posted by pauhn

I suppose he could mess with .conf files, like grub.conf, what other configuration files are there during the boot process?

Don't try to over-think this. Your professor may be devious, but I think that he/she also wants you to succeed, while dealing with potential real-world attacks. Moving the kernel image? Definitely possible. Usually it resides in /boot. Changing /boot/grub/grub.conf? Possible. Look at the "low-hanging fruit" for probabilities.

Thread Tools

Display

Is it possible to move the kernel?

Posting Permissions