[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] lcap, /dev/mem and CAP_SYS_RAWIO
- Subject: [cobalt-security] lcap, /dev/mem and CAP_SYS_RAWIO
- From: Stuart Robinson <stuart@xxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Aug 2001 11:11:24 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
According to the LCAP homepage <http://home.netcom.com/~spoon/lcap/> setting CAP_SYS_MODULE without setting CAP_SYS_RAWIO is of limited benefit as root can still write to /dev/mem. Setting CAP_SYS_RAWIO breaks X but does it break any software on a RAQ? I was particularly thinking of tcpdump and its kindred.
Thanks,
Stu.