|
|
Troj_fakealrt.bn
|
|
CAPTEST:(8) System Administration Utilities CAPTEST:(8) NAME
captest - a program to demonstrate capabilities SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ] DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have. You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca- lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it. OPTIONS
--drop-all This drops all capabilities and clears the bounding set. --drop-caps This drops just traditional capabilities. --id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set. --text This option outputs the effective capabilities in text rather than numerically. --lock This prevents the ability for child processes to regain privileges if the uid is 0. SEE ALSO
filecap(8), capabilities(7) AUTHOR
Steve Grubb Red Hat June 2009 CAPTEST:(8)
