Resources

lcap is available from http://pw1.netcom.com/~spoon/lcap. One snag with lcap: if you remove CAP_SYS_MODULE in version 0.0.6, it will claim that no capabilities are set. A peculiar side effect of removing CAP_SYS_MODULE is that future read accesses to cap-bound are denied. Therefore, you should probably remove CAP_SYS_MODULE last.

libcap can be found at www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4. In addition to providing a portable interface to the kernel capability system, libcap comes bundled with utilities like setpcaps, getpcaps, execcap and sucap that should come in handy.

See www.openwall.com for some nifty security patches and other applications you may enjoy.

If all this talk of capabilities is making your mouth water, you might want to check out LIDS (the Linux Intrusion Detection System, www.lids.org) for some really cool stuff.

An interesting discussion on the Linux kernel mailing list about direct hardware access risks can be found at www.uwsg.iu.edu/hypermail/linux/kernel/0007.3/0006.html.

See www.securityfocus.com/bid/1813 for BugTraq information on a recent ping vulnerability. It appears unexploitable but certainly gave us a scare at the time.