Re: A question about Knark and modules
On Mon, Jun 18, 2001 at 03:52:46AM -0800, Ethan Benson wrote:
> On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote:
> > Ok, so just do make sure: http://www.lids.org/lids-howto/node53.html
> > is claiming that CAP_SYS_RAWIO allows access to raw block devices.
>
> they are mistaken.
Well, somebody should tell them ;)
> > BTW: Are there any "proof of concept" for this vulnerability?
>
> which? the /dev/mem restoration of the capability bounding set, or
> removing chattr +i even when CAP_LINUX_IMMUTABLE is removed? for the
> latter i have a script that does it.
Yes, I would be really interested in this script. Do you have an URL
or could send it to me?
Some of our servers use lcap and some files are +i or +a. So far I
thought that CAP_SYS_RAWIO would prevent some of the mentioned
problems but obviously I was wrong.
Thanks for the information,
Phil
Reply to: