captest man page on Archlinux

Man page or keyword search:  
man Server   11224 pages
apropos Keyword Search (all sections)
Output format
Archlinux logo
[printable version]

CAPTEST:(8)		System Administration Utilities		   CAPTEST:(8)

       captest - a program to demonstrate capabilities

       captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]

       captest	is  a  program	that  demonstrates  and prints out the current
       process capabilities. Each option prints the same report. It will  out‐
       put  current  capabilities.  then  it  will  try	 to access /etc/shadow
       directly to show if that can be done. Then it creates a	child  process
       that attempts to read /etc/shadow and outputs the results of that. Then
       it outputs the capabilities that a child process would have.

       You can also apply file system capabilities to this  program  to	 study
       how  they  work.	 For example, filecap /usr/bin/captest chown. Then run
       captest as a normal user. Another interesting test is to	 make  captest
       suid  root  so  that you can see what the interaction is between root's
       credentials and capabilities. For example, chmod 4755 /usr/bin/captest.
       When run as a normal user, the program will see if privilege escalation
       is possible. But do not leave this app setuid root after	 you  are  don
       testing so that an attacker cannot take advantage of it.

	      This drops all capabilities and clears the bounding set.

	      This drops just traditional capabilities.

       --id   This  changes  to uid and gid 99, drops supplemental groups, and
	      clears the bounding set.

       --text This option outputs the effective capabilities  in  text	rather
	      than numerically.

       --lock This  prevents  the ability for child processes to regain privi‐
	      leges if the uid is 0.

       filecap(8), capabilities(7)

       Steve Grubb

Red Hat				   June 2009			   CAPTEST:(8)

List of man pages available for Archlinux

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net