The magic numbers of reboot()
Today I learned an interesting piece of Linux trivia. To reboot the machine, there's a system call, reboot(). The funny thing is in its signature
int reboot(int magic, int magic2, int cmd, void *arg);
Of course this routine can only be called by uid 0 (root), but you also need to pass two "magic numbers" for the call to actually work. Why?
Imagine a rogue process with uid 0 gets to screw up and jump at a random location, and this location happens to be the location of reboot(). It would trigger a reboot, something rather unpleasant. To prevent this, magic numbers provide an additional safety net. It's unlikely that the rogue program jumps _and has the proper magic numbers in the stack or the registers.
The comment in the kernel confirm this
192 * Reboot system call: for obvious reasons only root may call it, 193 * and even root needs to set up some magic numbers in the registers 194 * so that some mistake won't make this reboot the whole machine. 195 * You can also set the meaning of the ctrl-alt-del-key here. 196 * 197 * reboot doesn't sync: do that yourself before calling this. 198 */
Another interesting trivia is that the magic2 numbers have a special meaning. In hex, they are the birthdates of Torvalds and his daughters.
#define LINUX_REBOOT_MAGIC1 0xfee1dead #define LINUX_REBOOT_MAGIC2 672274793 // 0x28121969 #define LINUX_REBOOT_MAGIC2A 85072278 // 0x05121996 #define LINUX_REBOOT_MAGIC2B 369367448 // 0x16041998 #define LINUX_REBOOT_MAGIC2C 537993216 // 0x20112000
Any of these values will be accepted to initiate a reboot
210 /* For safety, we require "magic" arguments. */ 211 if (magic1 != LINUX_REBOOT_MAGIC1 || 212 (magic2 != LINUX_REBOOT_MAGIC2 & 213 magic2 != LINUX_REBOOT_MAGIC2A & 214 magic2 != LINUX_REBOOT_MAGIC2B & 215 magic2 != LINUX_REBOOT_MAGIC2C)) 216 return -EINVAL;