Re: A question about Knark and modules

[Philipp Schulte]

On Mon, Jun 18, 2001 at 03:52:46AM -0800, Ethan Benson wrote: 

> On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote:
> > Ok, so just do make sure: http://www.lids.org/lids-howto/node53.html
> > is claiming that CAP_SYS_RAWIO allows access to raw block devices.
> 
> they are mistaken.

Well, somebody should tell them ;)

> > BTW: Are there any "proof of concept" for this vulnerability?
> 
> which? the /dev/mem restoration of the capability bounding set, or
> removing chattr +i even when CAP_LINUX_IMMUTABLE is removed?  for the
> latter i have a script that does it. 

Yes, I would be really interested in this script. Do you have an URL
or could send it to me?
Some of our servers use lcap and some files are +i or +a. So far I
thought that CAP_SYS_RAWIO would prevent some of the mentioned
problems but obviously I was wrong.
Thanks for the information,
Phil


--  
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]