[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RE: Lcap

Subject: Re: [cobalt-security] RE: Lcap
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Jun 2003 06:38:52 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Mon, 30 Jun 2003, Jon wrote:
> After a reboot I load a basic hello.c script
>
> #define MODULE
> #include <linux/module.h>
> /* Loads the module in the kernel */
> int init_module(void)
> {
> printk("<1>Hello, world\n");
> return 0;
> }
> /* Removes a module from the kernel */
> void cleanup_module(void)
> {
> printk("<1>Goodbye cruel world\n");
> }
>
> This loads without complaint > Jun 30 09:43:04 ns2 kernel: Hello, world
>
> However after removing the kernel module then running /sbin/lcap CAP_SYS_MODULE
> kernel mods are no longer able to be installed.

  Where are you putting the lcap command?
  Is it the last line in /etc/rc.d/rc.local?
  Are you sure it was loaded?
  If you putit in rc.local, it won't activate without a reboot.
  So when we install lcap we always put the command in rc.local
  (so it will execute on reboot) and then execute it manually
  to make it active in the current session.

Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
  Front Street Networks LLC, 229 Front Street, Ste.#C
  New Haven, CT 06513-3203 | phone: +1-203-785-0699

References:
- [cobalt-security] RE: Lcap
  - From: Jon

Prev by Date: [cobalt-security] RE: Lcap
Next by Date: Re: [cobalt-security] Sendmail Log Message
Previous by thread: [cobalt-security] RE: Lcap
Next by thread: [cobalt-security] PkgMaster.com availability

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index