from small one page howto to huge articles all in one place
 

search text in:





Poll
Which screen resolution do you use?










poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

85954

userrating:

average rating: 1.7 (82 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

202328

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

84320

userrating:

average rating: 1.3 (27 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion
You are here: manpages





CAPTEST:

Section: System Administration Utilities (8)
Updated: June 2009
Index Return to Main Contents
 

NAME

captest - a program to demonstrate capabilities  

SYNOPSIS

captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]  

DESCRIPTION

captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.

You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege escalation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.

 

OPTIONS

--drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id
This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text
This option outputs the effective capabilities in text rather than numerically.
--lock
This prevents the ability for child processes to regain privileges if the uid is 0.

 

SEE ALSO

filecap(8), capabilities(7)

 

AUTHOR

Steve Grubb


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
SEE ALSO
AUTHOR


Please read "Why adblockers are bad".



Other free services
toURL.org
Shorten long
URLs to short
links like
http://tourl.org/2
tourl.org
.
Reverse DNS lookup
Find out which hostname(s)
resolve to a
given IP or other hostnames for the server
www.reversednslookup.org
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2013 Sascha Nitsch Unternehmensberatung UG(haftungsbeschränkt)
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 4.2 ms