
Re: [cobalt-security] lcap, /dev/mem and CAP_SYS_RAWIO



You have CAP_SYS_RAWIO set? Can you still run tripwire, snort, tcpdump etc.?

Yeah, I can remember the kmod nonsense from when I used to run RH on my desktop. Used to reset my sound mixer levels every 15 minutes, infuriating.

Stu.

On Tuesday 28-Aug-2001 at 13:43, Michael Stauber <cobalt@xxxxxxxxxxxxxx> wrote:
> Hi Stu,
> 
> > According to the LCAP homepage <http://home.netcom.com/~spoon/lcap/>
> > setting CAP_SYS_MODULE without setting CAP_SYS_RAWIO is of limited
> > benefit as root can still write to /dev/mem.
> 
> Yes, that's right. I have LCAP running on a few machines, just with the
> barebone options.
> 
> One thing you still need to do is the following:
> 
> Delete "/etc/cron.d/kmod"! Otherwise you will get an error message from
> crond every 15 minutes.
> 
> "kmod" is used every 15 minutes to unload all kernel modules and to load
> them again. LCAP will of course prevent that. ;o)
> 
> Why are the modules unloaded every 15 minutes? Well, ask Cobalt. There are
> very, very few good reasons to do that every 15 minutes, unless some
> modules have terrible memory leaks. Go figure.
> 
> 
> With best regards,
> 
> Michael Stauber
> SOLARSPEED.NET
>
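
Added example, not part of the original messages: a shell check that decodes a capability bounding-set mask and flags the case quoted from the LCAP homepage, where CAP_SYS_MODULE is removed but CAP_SYS_RAWIO is still present. It assumes a Linux kernel that exposes the per-process bounding set as the hex `CapBnd` field in `/proc/<pid>/status`; the function names are hypothetical and the sample masks in the comments are constructed.

```shell
#!/bin/sh
# Added example: audit a capability bounding set for the two bits
# discussed in this thread. Bit numbers are from <linux/capability.h>.
CAP_SYS_MODULE=16
CAP_SYS_RAWIO=17

# cap_dropped MASK_HEX BIT: succeeds when BIT is cleared in the mask.
cap_dropped() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 0 ]
}

# assess MASK_HEX: prints one verdict word for the mask.
# Constructed samples: 000001ffffffffff -> unrestricted
#                      000001fffffeffff -> module-only
assess() {
    mod=kept
    raw=kept
    if cap_dropped "$1" "$CAP_SYS_MODULE"; then mod=dropped; fi
    if cap_dropped "$1" "$CAP_SYS_RAWIO"; then raw=dropped; fi
    case "$mod/$raw" in
        dropped/dropped) echo "both-dropped" ;;
        # Module loading is blocked, but raw memory and port I/O
        # (/dev/mem, /dev/kmem, ioperm) is still available to root.
        dropped/kept)    echo "module-only" ;;
        kept/dropped)    echo "rawio-only" ;;
        *)               echo "unrestricted" ;;
    esac
}

# current_bounding_set [PID]: hex CapBnd value for PID (default: self).
current_bounding_set() {
    awk '/^CapBnd:/ { print $2 }' "/proc/${1:-self}/status"
}

# Report on the current process when the field is available.
if [ -r /proc/self/status ]; then
    m=$(current_bounding_set)
    if [ -n "$m" ]; then
        echo "CapBnd=$m -> $(assess "$m")"
    fi
fi
```

A `module-only` verdict is the configuration the quoted LCAP text describes as being of limited benefit.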