On Mon, Jun 18, 2001 at 03:52:46AM -0800, Ethan Benson wrote: > On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote: > > Ok, so just do make sure: http://www.lids.org/lids-howto/node53.html > > is claiming that CAP_SYS_RAWIO allows access to raw block devices. > > they are mistaken.
Well, somebody should tell them ;) > > BTW: Are there any "proof of concept" for this vulnerability? > > which? the /dev/mem restoration of the capability bounding set, or > removing chattr +i even when CAP_LINUX_IMMUTABLE is removed? for the > latter i have a script that does it. Yes, I would be really interested in this script. Do you have an URL or could send it to me? Some of our servers use lcap and some files are +i or +a. So far I thought that CAP_SYS_RAWIO would prevent some of the mentioned problems but obviously I was wrong. Thanks for the information, Phil
