Re: A question about Knark and modules

To: debian-security@lists.debian.org
Subject: Re: A question about Knark and modules
From: Philipp Schulte <p.schulte@matrix.uni-duisburg.de>
Date: Mon, 18 Jun 2001 16:42:42 +0200
Message-id: <[🔎] 20010618164242.B18361@nepomuk.matrix.uni-duisburg.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20010618035246.G417@plato.local.lan>; from erbenson@alaska.net on Mon, Jun 18, 2001 at 03:52:46AM -0800
References: <[🔎] 002301c0f724$562f07e0$0200a8c0@terminal02> <[🔎] 20010617052802.I417@plato.local.lan> <[🔎] 20010618013815.H1723@llama.nslug.ns.ca> <[🔎] 20010617224217.V417@plato.local.lan> <[🔎] 20010618085603.A16897@nepomuk.matrix.uni-duisburg.de> <[🔎] 20010618003513.Z417@plato.local.lan> <[🔎] 20010618124341.B17692@nepomuk.matrix.uni-duisburg.de> <[🔎] 20010618035246.G417@plato.local.lan>

On Mon, Jun 18, 2001 at 03:52:46AM -0800, Ethan Benson wrote: 

> On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote:
> > Ok, so just do make sure: http://www.lids.org/lids-howto/node53.html
> > is claiming that CAP_SYS_RAWIO allows access to raw block devices.
> 
> they are mistaken.

Well, somebody should tell them ;)

> > BTW: Are there any "proof of concept" for this vulnerability?
> 
> which? the /dev/mem restoration of the capability bounding set, or
> removing chattr +i even when CAP_LINUX_IMMUTABLE is removed?  for the
> latter i have a script that does it. 

Yes, I would be really interested in this script. Do you have an URL
or could send it to me?
Some of our servers use lcap and some files are +i or +a. So far I
thought that CAP_SYS_RAWIO would prevent some of the mentioned
problems but obviously I was wrong.
Thanks for the information,
Phil

Reply to:

References:
- Re: A question about Knark and modules
  - From: "Sjarn Valkhoff" <valkho1@mailme.co.za>
- Re: A question about Knark and modules
  - From: Ethan Benson <erbenson@alaska.net>
- Re: A question about Knark and modules
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: A question about Knark and modules
  - From: Ethan Benson <erbenson@alaska.net>
- Re: A question about Knark and modules
  - From: Philipp Schulte <p.schulte@matrix.uni-duisburg.de>
- Re: A question about Knark and modules
  - From: Ethan Benson <erbenson@alaska.net>
- Re: A question about Knark and modules
  - From: Philipp Schulte <p.schulte@matrix.uni-duisburg.de>
- Re: A question about Knark and modules
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: A question about Knark and modules
Next by Date: RE: rlinetd security
Previous by thread: Re: A question about Knark and modules
Next by thread: Re: A question about Knark and modules
Index(es):
- Date
- Thread