hello ppl, i attached the source code
for a little utility i wrote to disable some linux
caps we talked about before.
i called it 'capctl'.

you can disable module loading, prevent setting
your network card to promiscuous mode, disable chattr,
prevent system time change, disable direct kernel
memory access for now.

disclaimer: i tested it on 2.2.14 up to 2.4.9. if it fails
or crashes your machine, then it's a kernel bug already.

kernel bug: if you disable module loading immediately, further 
use of capctl will be futile cause /proc/sys/kernel/cap-bound
will become unreadable on some new kernels. i think it's a kernel bug.

the full paranoid hardening options are: 

        capctl -inmrt

warning: only a reboot will re-enable them back.

the md5sum is: 4a865479867efb9a0ce8677689d95eec

have fun!
pong

Attachment: capctl-0.1.tar.gz
Description: Binary data
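Added example, not part of the original post and not capctl's code: a small auditor that decodes a value read from /proc/sys/kernel/cap-bound and reports which of the five restrictions listed above are still open. Pairing those restrictions with these capability constants is an assumption (the capctl source is not shown here), and -257 is a constructed sample value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Bit numbers from <linux/capability.h>; pairing them with the post's list is an assumption. */
struct cap { int bit; const char *name; const char *guards; };
static const struct cap audited[] = {
    {  9, "CAP_LINUX_IMMUTABLE", "chattr immutable/append-only flags" },
    { 12, "CAP_NET_ADMIN",       "promiscuous mode" },
    { 16, "CAP_SYS_MODULE",      "module loading" },
    { 17, "CAP_SYS_RAWIO",       "direct kernel memory access" },
    { 25, "CAP_SYS_TIME",        "system time change" },
};
#define N_AUDITED (sizeof audited / sizeof audited[0])

/* cap-bound is shown as a signed decimal int; convert it to a 32-bit mask. 0 on success. */
int parse_cap_bound(const char *text, uint32_t *mask)
{
    char *end;
    long long v = strtoll(text, &end, 0);
    if (end == text) return -1;                    /* no digits at all */
    while (*end == '\n' || *end == ' ') end++;     /* tolerate trailing newline */
    if (*end != '\0') return -1;                   /* trailing garbage */
    if (v < INT32_MIN || v > UINT32_MAX) return -1;
    *mask = (uint32_t)v;                           /* -257 becomes 0xFFFFFEFF */
    return 0;
}

/* Bits of the audited capabilities that are still in the bounding set. */
uint32_t still_allowed(uint32_t mask)
{
    uint32_t left = 0;
    for (size_t i = 0; i < N_AUDITED; i++)
        if (mask & (UINT32_C(1) << audited[i].bit))
            left |= UINT32_C(1) << audited[i].bit;
    return left;
}

int main(int argc, char **argv)
{
    /* Pass the contents of cap-bound as argv[1]; "-257" is a constructed sample. */
    const char *text = argc > 1 ? argv[1] : "-257";
    uint32_t mask;
    if (parse_cap_bound(text, &mask) != 0) { fprintf(stderr, "bad value\n"); return 2; }
    for (size_t i = 0; i < N_AUDITED; i++)
        printf("%-20s %-8s %s\n", audited[i].name,
               (mask >> audited[i].bit) & 1 ? "ALLOWED" : "dropped", audited[i].guards);
    return still_allowed(mask) ? 1 : 0;            /* non-zero exit: not fully hardened */
}
```

The exit status is 0 only when all five audited bits are cleared, so the check can run from a boot script or a monitoring job.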
