
Re: A question about Knark and modules



On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote: 

> chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is
> removed from the bounding set.  however that does not prevent root
> from messing with /dev/hda* directly, neither does CAP_SYS_RAWIO.  
> 
> there is no capability that allows you to deny root access to the raw
> block devices, so removing the immutable bit is trivially easy. 

Ok, so just to make sure: http://www.lids.org/lids-howto/node53.html
is claiming that CAP_SYS_RAWIO allows access to raw block devices.
Does LIDS change the behaviour of the cap or are they claiming
something wrong?
BTW: Are there any "proof of concept" for this vulnerability?
Regards,
Phil
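An added example (not from the thread or from LIDS) for checking the setup Ethan describes: it decodes a capability bounding-set mask and reports whether CAP_LINUX_IMMUTABLE has been dropped while CAP_SYS_RAWIO is still present. On the 2.4 kernels of this thread the bounding set was the system-wide /proc/sys/kernel/cap-bound; the example reads the per-process CapBnd line that later kernels expose in /proc/<pid>/status, and the sample status text is constructed.

```python
"""Decode a capability bounding-set mask (CapBnd line of /proc/<pid>/status)
and report on the two capabilities discussed in the thread.

Bit numbers are from linux/capability.h: CAP_LINUX_IMMUTABLE is bit 9,
CAP_SYS_RAWIO is bit 17.  The other names are included only to make the
decoded set readable.  SAMPLE_STATUS is constructed, not captured."""
import re

CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    3: "CAP_FOWNER", 4: "CAP_FSETID", 5: "CAP_KILL", 6: "CAP_SETGID",
    7: "CAP_SETUID", 8: "CAP_SETPCAP", 9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE", 11: "CAP_NET_BROADCAST", 12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW", 14: "CAP_IPC_LOCK", 15: "CAP_IPC_OWNER",
    16: "CAP_SYS_MODULE", 17: "CAP_SYS_RAWIO", 18: "CAP_SYS_CHROOT",
    19: "CAP_SYS_PTRACE", 20: "CAP_SYS_PACCT", 21: "CAP_SYS_ADMIN",
}
CAP_LINUX_IMMUTABLE = 9
CAP_SYS_RAWIO = 17

def parse_capbnd(status_text):
    """Return the CapBnd mask as an int, or None if the line is absent."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    return int(m.group(1), 16) if m else None

def caps_in_mask(mask):
    """Names of the known capabilities whose bit is set in mask."""
    return [name for bit, name in sorted(CAP_NAMES.items()) if mask >> bit & 1]

def audit_bounding_set(status_text):
    """Has CAP_LINUX_IMMUTABLE been dropped (chattr +i/+a can no longer be
    toggled) and is CAP_SYS_RAWIO still in the bounding set?"""
    mask = parse_capbnd(status_text)
    if mask is None:
        raise ValueError("no CapBnd line: kernel predates per-process bounding sets")
    return {
        "linux_immutable": bool(mask >> CAP_LINUX_IMMUTABLE & 1),
        "sys_rawio": bool(mask >> CAP_SYS_RAWIO & 1),
    }

def read_own_status():
    """Read the calling process's own status file (Linux only)."""
    with open("/proc/self/status") as f:
        return f.read()

# Constructed sample: bits 0..40 set, except bit 9 (CAP_LINUX_IMMUTABLE).
SAMPLE_STATUS = "Name:\tbash\nCapBnd:\t000001fffffffdff\n"

if __name__ == "__main__":
    print(audit_bounding_set(SAMPLE_STATUS))
    print(caps_in_mask(parse_capbnd(SAMPLE_STATUS)))
```

Run it against `read_own_status()` to audit a live process instead of the sample; a result of `{'linux_immutable': False, 'sys_rawio': True}` is exactly the configuration the quoted message describes.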
