
Re: [cobalt-security] lcap, /dev/mem and CAP_SYS_RAWIO



Hi Stu,

> According to the LCAP homepage <http://home.netcom.com/~spoon/lcap/>
> setting CAP_SYS_MODULE without setting CAP_SYS_RAWIO is of limited
> benefit as root can still write to /dev/mem.

Yes, that's right. I have LCAP running on a few machines, just with the
barebone options.

One thing you still need to do is the following:

Delete "/etc/cron.d/kmod"! Otherwise you will get an error message from
crond every 15 minutes.

"kmod" is used every 15 minutes to unload all kernel modules and to load
them again. LCAP will of course prevent that. ;o)

Why are the modules unloaded every 15 minutes? Well, ask Cobalt. There are
very, very few good reasons to do that every 15 minutes, unless some
modules have terrible memory leaks. Go figure.


With best regards,

Michael Stauber
SOLARSPEED.NET
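The thread's point is that dropping CAP_SYS_MODULE alone is of limited benefit while CAP_SYS_RAWIO is still in the bounding set, because root can then write to /dev/mem. The following shell functions, an added example that is not part of the original post and not code from lcap or Cobalt, decode the 2.2/2.4-era capability bounding set as lcap leaves it in /proc/sys/kernel/cap-bound (a signed decimal integer; a set bit means root still has that capability) and check that both capabilities are really gone. The capability numbers are those of linux/capability.h from that kernel era; the fallback default value -257 (everything except CAP_SETPCAP) and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post or the lcap project.
# Decodes the Linux 2.2/2.4 capability bounding set as exposed in
# /proc/sys/kernel/cap-bound (the file lcap writes to). A set bit means
# the capability is still available to root; lcap clears bits.
# Capability numbers follow linux/capability.h of that kernel era.

cap_number() {
    case "$1" in
        SETPCAP)    echo 8 ;;
        NET_ADMIN)  echo 12 ;;
        NET_RAW)    echo 13 ;;
        SYS_MODULE) echo 16 ;;
        SYS_RAWIO)  echo 17 ;;
        SYS_PTRACE) echo 19 ;;
        SYS_ADMIN)  echo 21 ;;
        SYS_BOOT)   echo 22 ;;
        *) echo "unknown capability: $1" >&2; return 1 ;;
    esac
}

# capbound_has NAME VALUE: exit 0 if NAME is still in bounding set VALUE.
# VALUE may be negative (the kernel prints it as a signed integer);
# shell arithmetic shifts it arithmetically, which is what we want.
capbound_has() {
    n=$(cap_number "$1") || return 2
    [ $(( ($2 >> n) & 1 )) -eq 1 ]
}

# module_lock_effective VALUE: exit 0 only if BOTH CAP_SYS_MODULE and
# CAP_SYS_RAWIO are cleared. Dropping CAP_SYS_MODULE alone still leaves
# /dev/mem (and /dev/kmem) writable for root, so the module lock is moot.
module_lock_effective() {
    if capbound_has SYS_MODULE "$1"; then
        echo "CAP_SYS_MODULE still in bounding set" >&2
        return 1
    fi
    if capbound_has SYS_RAWIO "$1"; then
        echo "CAP_SYS_RAWIO still in bounding set: /dev/mem writable" >&2
        return 1
    fi
    return 0
}

# current_capbound [FALLBACK]: read the live value when the 2.4-era proc
# file exists, otherwise use the argument (assumed stock default -257,
# i.e. every capability except CAP_SETPCAP, if none is given).
current_capbound() {
    if [ -r /proc/sys/kernel/cap-bound ]; then
        cat /proc/sys/kernel/cap-bound
    else
        echo "${1:--257}"
    fi
}
```

Usage on a box where lcap has run: `module_lock_effective "$(current_capbound)"` exits non-zero, naming the offending capability, unless both bits 16 and 17 are cleared; after `lcap -z` (bounding set 0) it exits 0, and a stock -257 fails on both counts.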