On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote:
> chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is
> removed from the bounding set. however that does not prevent root
> from messing with /dev/hda* directly, neither does CAP_SYS_RAWIO.
>
> there is no capability that allows you to deny root access to the raw
> block devices, so removing the immutable bit is trivially easy.

Ok, so just to make sure:
http://www.lids.org/lids-howto/node53.html is claiming that CAP_SYS_RAWIO allows access to raw block devices. Does LIDS change the behaviour of the cap or are they claiming something wrong?

BTW: Are there any "proof of concept" for this vulnerability?

Regards,
Phil
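A defender-side check for the first half of the exchange above, added here and not part of the thread: it decodes the capability bounding set and reports whether CAP_LINUX_IMMUTABLE and CAP_SYS_RAWIO have actually been dropped. It assumes the `CapBnd` line of `/proc/<pid>/status` on 2.6+ kernels and, for 2.4 kernels of the thread's era, the signed-decimal `/proc/sys/kernel/cap-bound` sysctl; the sample values are constructed.

```python
import re

# Capability bit numbers from <linux/capability.h>; these have not changed.
CAP_LINUX_IMMUTABLE = 9
CAP_SYS_RAWIO = 17


def parse_capbnd(status_text: str) -> int:
    """Extract the CapBnd mask from the text of /proc/<pid>/status (2.6+ kernels)."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapBnd line found")
    return int(m.group(1), 16)


def parse_cap_bound_24(value: str) -> int:
    """Decode the signed decimal of the 2.4-era /proc/sys/kernel/cap-bound into a bit mask
    (assumption: that file printed the 32-bit bounding set as a signed integer)."""
    return int(value.strip()) & 0xFFFFFFFF


def has_cap(mask: int, cap: int) -> bool:
    return bool((mask >> cap) & 1)


def audit_bounding_set(mask: int) -> dict:
    """True means the capability is still in the bounding set, i.e. root may still use it."""
    return {
        "CAP_LINUX_IMMUTABLE": has_cap(mask, CAP_LINUX_IMMUTABLE),
        "CAP_SYS_RAWIO": has_cap(mask, CAP_SYS_RAWIO),
    }


def audit_live() -> dict:
    """Check the running system; fall back to the 2.4 interface if CapBnd is absent."""
    try:
        with open("/proc/self/status") as f:
            return audit_bounding_set(parse_capbnd(f.read()))
    except (OSError, ValueError):
        with open("/proc/sys/kernel/cap-bound") as f:
            return audit_bounding_set(parse_cap_bound_24(f.read()))


# Constructed samples, not captured from a real machine: both have bits 9 and 17 cleared.
SAMPLE_STATUS = "Name:\tbash\nCapBnd:\t000001fffffdfdff\nCapAmb:\t0000000000000000\n"
SAMPLE_CAP_BOUND_24 = "-131841"   # 0xfffdfcff: bits 8, 9 and 17 cleared

if __name__ == "__main__":
    for label, mask in (("2.6+ CapBnd", parse_capbnd(SAMPLE_STATUS)),
                        ("2.4 cap-bound", parse_cap_bound_24(SAMPLE_CAP_BOUND_24))):
        state = {k: ("present" if v else "dropped") for k, v in audit_bounding_set(mask).items()}
        print(label, state)
```

A "dropped" result only confirms the bits are gone from the bounding set; as the quoted reply points out, it says nothing about whether root can still open the block device nodes directly.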