[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] RE: Lcap

Subject: [cobalt-security] RE: Lcap
From: "Jon" <jjma@xxxxxxxxxxxxxx>
Date: Mon, 30 Jun 2003 09:49:54 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hello,

> > Strange problem with my raqs tring to get lcap to start with the system
> > rebooting. In /etc/rc.d.rc.local I have:
> >
> > #Start Lcap
> > /sbin/lcap CAP_SYS_MODULE
> >
> > to start Lcap automatically but this fails> i can still load modules?
>
>   How do you know you can still load 'modules'?
>   What kind of 'modules' kernel?
>   It only stops kernel modules from being loaded.

After a reboot I load a basic hello.c script

#define MODULE
#include <linux/module.h>
/* Loads the module in the kernel */
int init_module(void)
{
printk("<1>Hello, world\n");
return 0;
}
/* Removes a module from the kernel */
void cleanup_module(void)
{
printk("<1>Goodbye cruel world\n");
}

This loads without complaint > Jun 30 09:43:04 ns2 kernel: Hello, world

However after removing the kernel module then running /sbin/lcap CAP_SYS_MODULE
kernel mods are no longer able to be installed.

Jon

Follow-Ups:
- Re: [cobalt-security] RE: Lcap
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-security] Sendmail Log Message
Next by Date: Re: [cobalt-security] RE: Lcap
Previous by thread: Re: [cobalt-security] RE: Lcap
Next by thread: Re: [cobalt-security] RE: Lcap

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index