CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
Check Out this Related Man Page
CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
Manufacturer Links
General Information
Home Page: IBM United States
Documentation/Information: IBM System p - UNIX servers: Support and services
pSeries and AIX Information Center
Developerworks AIX Wiki: AIX Wiki
AIX for System Administrators
In-depth information from IBM:
IBM... (0 Replies)
Not sure if anyone is interested but I am just getting into UNIX like shell scripting...
I have great interest in pseudo-animations in text mode and accessing HW like /dev/dsp for example...
...
Have fun, I do... ;o)
# !/bin/sh
#
# Bargraph_Generator.sh
#
# A DEMO 6 bit coloured... (0 Replies)
For a starter I know the braces are NOT in the code...
Consider these code snippets:-
#!/bin/bash --posix
x=0
somefunction()
if
then
echo "I am here."
fi
# somefunction
#!/bin/bash --posix
x=0
somefunction()
if (2 Replies)
For those interested in installing dash shell on OSX Lion to help test POSIX compliancy of shell scripts, it is quite easy. I did it like this:
If you don't have gcc on your system:
0. Download and install the Command Line Tools for Xcode package from Sign In - Apple *
1. Download the dash... (2 Replies)
Hearing Aid...
Hi folks yet another bizarre piece of code that is Apple OSX 10.12.x to at least 10.14.1 specific.
It requires only a default OSX install, and the internal microphone along with an external headphone assembly.
Pre-amble, 14-02-2019:
For over 3 weeks now I have been suffering a... (3 Replies)
What is the point of this? Whenever I close my shell it appends to the history file without adding this. I have never seen it overwrite my history file.
# When the shell exits, append to the history file instead of overwriting it
shopt -s histappend (3 Replies)
Greetings,
I'm trying to delete a file with a weird name from within Terminal on a Mac.
It's a very old file (1992) with null characters in the name: ââWord FinderÂŽ Plusâ˘.
Here are some examples of what I've tried:
12FX009:5 dpontius$ ls
ââWord FinderÂŽ Plusâ˘
12FX009:5 dpontius$ rm... (29 Replies)
I have to print the number of stars that increases on each line from the minimum number until it reaches the maximum number, and then decreases until it goes back to the minimum number. After printing out the lines of stars, it should also print the total number of stars printed.
I have tried... (13 Replies)
Hi all...
Well guys and gals, I jumped in at the deep end and found things that PERL cannot do by default.
Many tricky terminal escape codes are not catered for so I had to create workarounds.
One thing I searched for was this:
Passing perl variable to shell command
AND, @Neo this was... (15 Replies)
Well, guys I saw a question about GOTO for Python.
So this gave me the inspiration to attempt a GOTO function for 'dash', (bash and ksh too).
Machine: MBP OSX 10.14.3, default bash terminal, calling '#!/usr/local/bin/dash'...
This is purely a fun project to see if it is possible in PURE... (3 Replies)
I am sharing a code snippet.
for (( i=0; i<=$(( $count -1 )); i++ ))
do
first=${barr2}
search=${barr1}
echo $first
echo "loop begins"
for (( j=0; j<=5000; j++ ))
do
if } == $search ]]; then
echo $j
break;
fi
done
second=${harr2}
echo $second (2 Replies)
Hi All,
I'm having a python script: test.py in /path/to/script/test.py
I'm using a properties file: test_properties.py (it is having values as dictionary{}) which is in same DIR as the script.
Sample Properties file:
params = {
'target_db' : 'a1_db'
'src_db' : ... (15 Replies)