Re: [cobalt-security] lcap, /dev/mem and CAP_SYS_RAWIO
- Subject: Re: [cobalt-security] lcap, /dev/mem and CAP_SYS_RAWIO
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Tue, 28 Aug 2001 13:43:13 +0200 (CEST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Stu,
> According to the LCAP homepage <http://home.netcom.com/~spoon/lcap/>
> setting CAP_SYS_MODULE without setting CAP_SYS_RAWIO is of limited
> benefit as root can still write to /dev/mem.
Yes, that's right. I have LCAP running on a few machines, just with the
barebone options.
One thing you still need to do is the following:
Delete "/etc/cron.d/kmod"! Otherwise you will get an error message from
crond every 15 minutes.
"kmod" is used every 15 minutes to unload all kernel modules and to load
them again. LCAP will of course prevent that. ;o)
Why are the modules unloaded every 15 minutes? Well, ask Cobalt. There are
very, very few good reasons to do that every 15 minutes, unless some
modules have terrible memory leaks. Go figure.
With best regards,
Michael Stauber
SOLARSPEED.NET
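
The following check is an added example, not part of the original message or of LCAP. It decodes a capability bounding-set mask to flag the configuration discussed above (CAP_SYS_MODULE dropped while CAP_SYS_RAWIO is still available) and the leftover kmod cron job. It assumes a kernel that exposes the bounding set as a signed decimal in /proc/sys/kernel/cap-bound; the function names and the sample masks in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example. Bit numbers are from <linux/capability.h>.
CAP_SYS_MODULE=16
CAP_SYS_RAWIO=17

# cap_in_mask MASK BIT: succeeds if capability BIT is still in the bounding set.
# MASK may be negative (the default bounding set, constructed sample: -257).
cap_in_mask() {
    [ $(( $1 & (1 << $2) )) -ne 0 ]
}

# audit_cap_bound MASK: prints one verdict word.
#   modules-allowed  root can still load and unload kernel modules
#   rawio-gap        modules are locked, but root keeps raw I/O (e.g. /dev/mem)
#   both-dropped     CAP_SYS_MODULE and CAP_SYS_RAWIO are both removed
audit_cap_bound() {
    if cap_in_mask "$1" "$CAP_SYS_MODULE"; then
        echo "modules-allowed"
    elif cap_in_mask "$1" "$CAP_SYS_RAWIO"; then
        echo "rawio-gap"
    else
        echo "both-dropped"
    fi
}

# kmod_cron_conflict MASK FILE: succeeds if CAP_SYS_MODULE is dropped while
# the cron job FILE still exists, so crond would log an error on every run.
kmod_cron_conflict() {
    ! cap_in_mask "$1" "$CAP_SYS_MODULE" && [ -e "$2" ]
}

# Live check, only on kernels that expose the bounding set through /proc.
CAP_BOUND=/proc/sys/kernel/cap-bound
if [ -r "$CAP_BOUND" ]; then
    mask=$(cat "$CAP_BOUND")
    echo "cap-bound=$mask verdict=$(audit_cap_bound "$mask")"
    if kmod_cron_conflict "$mask" /etc/cron.d/kmod; then
        echo "/etc/cron.d/kmod is present but module loading is locked"
    fi
fi
```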