> lcap CAP_SYS_MODULE CAP_SYS_RAWIO
Thanks for the input. Two points:
1. I am coming at this problem as a laptop user so pcmcia modules must
remain and be loadable and unloadable at will - as far as I know, there is
no direct way to compile pcmcia modules directly into the kernel like the
other drivers.
2. What if /dev/mem access was determined at kernel compile time as an
option? I'm not familiar with lcap, but I assume it disables access to
/dev/mem without breaking anything, so why not make this risky access
optional at kernel level?
> i suggest installing all security updates immediately when they arrive
> and vigilant sysadmin. those will keep your box uncompromised better
> than anything (except turning it off).
Concurred, however, I prefer proactive rather than reactive. The danger of
undisclosed exploits always leaves this area of doubt. If the exploit cannot
happen in the first place, a whole generation of exploits is eliminated at
once.
--------------
Sjarn Valkhoff