Today I learned an interesting piece of Linux trivia. To reboot the machine, there's a system call, reboot(). The funny thing is its signature:

int reboot(int magic, int magic2, int cmd, void *arg);

Of course this routine can only be called by uid 0 (root), but you also need to pass two "magic numbers" for the call to actually work. Why?

Imagine a rogue process running as uid 0 screws up and jumps to a random location, and that location happens to be reboot(). It would trigger a reboot, something rather unpleasant. To prevent this, the magic numbers provide an additional safety net: it's unlikely that the rogue program jumps there _and_ happens to have the proper magic numbers on the stack or in the registers.

The comment in the kernel confirms this:

 * Reboot system call: for obvious reasons only root may call it,
 * and even root needs to set up some magic numbers in the registers
 * so that some mistake won't make this reboot the whole machine.
 * You can also set the meaning of the ctrl-alt-del-key here.
 *
 * reboot doesn't sync: do that yourself before calling this.
 */

Another interesting piece of trivia is that the magic2 values have a special meaning: in hex, they are the birthdates of Torvalds and his daughters.

#define LINUX_REBOOT_MAGIC1 0xfee1dead
#define LINUX_REBOOT_MAGIC2 672274793   // 0x28121969
#define LINUX_REBOOT_MAGIC2A 85072278   // 0x05121996
#define LINUX_REBOOT_MAGIC2B 369367448  // 0x16041998
#define LINUX_REBOOT_MAGIC2C 537993216  // 0x20112000

Any of these values will be accepted to initiate a reboot:

/* For safety, we require "magic" arguments. */
if (magic1 != LINUX_REBOOT_MAGIC1 ||
    (magic2 != LINUX_REBOOT_MAGIC2 &&
     magic2 != LINUX_REBOOT_MAGIC2A &&
     magic2 != LINUX_REBOOT_MAGIC2B &&
     magic2 != LINUX_REBOOT_MAGIC2C))
	return -EINVAL;
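To see how much of a safety net the check actually is, here is an added user-space mirror of it (example code written for this post, not the kernel's own source): the same comparison as above, plus a constructed stream of pseudo-random "register garbage" fed through it to show how rarely an accidental call would get past the check. The xorshift generator, its seed and the sample count are assumptions of the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Magic values as defined in the kernel headers (linux/reboot.h). */
#define LINUX_REBOOT_MAGIC1  0xfee1dead
#define LINUX_REBOOT_MAGIC2  672274793   /* 0x28121969 */
#define LINUX_REBOOT_MAGIC2A 85072278    /* 0x05121996 */
#define LINUX_REBOOT_MAGIC2B 369367448   /* 0x16041998 */
#define LINUX_REBOOT_MAGIC2C 537993216   /* 0x20112000 */

/* User-space mirror of the kernel's check: 0 if the pair would be accepted,
 * -EINVAL if the kernel would bail out before touching anything. */
int reboot_magic_ok(uint32_t magic1, uint32_t magic2)
{
    if (magic1 != LINUX_REBOOT_MAGIC1 ||
        (magic2 != LINUX_REBOOT_MAGIC2 &&
         magic2 != LINUX_REBOOT_MAGIC2A &&
         magic2 != LINUX_REBOOT_MAGIC2B &&
         magic2 != LINUX_REBOOT_MAGIC2C))
        return -EINVAL;
    return 0;
}

/* Constructed stand-in for whatever happens to be in the registers when a
 * wild jump lands on reboot(): a plain xorshift32 generator (assumed). */
static uint32_t xorshift32(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

/* Feeds `samples` random (magic1, magic2) pairs through the check and
 * returns how many would have been accepted. */
unsigned long count_chance_hits(unsigned long samples, uint32_t seed)
{
    uint32_t state = seed ? seed : 1;  /* xorshift must not start at 0 */
    unsigned long hits = 0;
    for (unsigned long i = 0; i < samples; i++) {
        uint32_t m1 = xorshift32(&state);
        uint32_t m2 = xorshift32(&state);
        if (reboot_magic_ok(m1, m2) == 0)
            hits++;
    }
    return hits;
}

int main(void)
{
    printf("accidental passes out of 1000000: %lu\n",
           count_chance_hits(1000000UL, 0x12345678u));
    return 0;
}
```

Calling the real syscall is deliberately left out: with the genuine constants and root privileges it would reboot the box, which is exactly the point of the check.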
