Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

captest(8) [v7 man page]

CAPTEST:(8)						  System Administration Utilities					       CAPTEST:(8)

NAME
captest - a program to demonstrate capabilities SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ] DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have. You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca- lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it. OPTIONS
--drop-all This drops all capabilities and clears the bounding set. --drop-caps This drops just traditional capabilities. --id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set. --text This option outputs the effective capabilities in text rather than numerically. --lock This prevents the ability for child processes to regain privileges if the uid is 0. SEE ALSO
filecap(8), capabilities(7) AUTHOR
Steve Grubb Red Hat June 2009 CAPTEST:(8)

Check Out this Related Man Page

CAPTEST:(8)						  System Administration Utilities					       CAPTEST:(8)

NAME
captest - a program to demonstrate capabilities SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ] DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have. You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca- lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it. OPTIONS
--drop-all This drops all capabilities and clears the bounding set. --drop-caps This drops just traditional capabilities. --id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set. --text This option outputs the effective capabilities in text rather than numerically. --lock This prevents the ability for child processes to regain privileges if the uid is 0. SEE ALSO
filecap(8), capabilities(7) AUTHOR
Steve Grubb Red Hat June 2009 CAPTEST:(8)
Man Page

3 More Discussions You Might Find Interesting

1. SCO

Slow Processing - not matching hardware capabilities

I have been a SCO UNIX user, never an administrator...so I am stumbling around looking for information. I don't know too much about what is onboard in terms of hardware, however; I will try my best. We have SCO 5.07 and have applied MP5. We have a quad core processor with 4 250 GB... (1 Reply)
Discussion started by: atpbrownie
1 Replies

2. Shell Programming and Scripting

Variable comparison

Can anyone help me with this section of code? The scenario is a value drops from A to B or A to C or B to C. If it drops from A to B or B to C, we print "Drop one level" If it drops from A to C, we print "Dropped two levels". The problem is script is throwing error when comparing variable... (2 Replies)
Discussion started by: sundar63
2 Replies

3. UNIX for Dummies Questions & Answers

Can you gain root privileges if the suid program does not belong to root?

I had a question in my test which asked where suppose user B has a program with 's' bit set. Can user A run this program and gain root privileges in any way? I suppose not as the suid program run with privileges of owner and this program will run with B's privileges and not root. (1 Reply)
Discussion started by: syncmaster
1 Replies