CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
Check Out this Related Man Page
CAPTEST:(8) System Administration Utilities CAPTEST:(8)NAME
captest - a program to demonstrate capabilities
SYNOPSIS
captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]
DESCRIPTION
captest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output
current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that
attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have.
You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run
captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's
credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege esca-
lation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS --drop-all
This drops all capabilities and clears the bounding set.
--drop-caps
This drops just traditional capabilities.
--id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set.
--text This option outputs the effective capabilities in text rather than numerically.
--lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSO filecap(8), capabilities(7)AUTHOR
Steve Grubb
Red Hat June 2009 CAPTEST:(8)
I have an executable that, depending on its input, outputs to either one file or several. It usually prints nothing on screen. The usual way to call this program is to specify an input and output filenames, like this:
./executable.exe -i inputfile -o outputfileIt will then try to use the output... (1 Reply)
I have been a SCO UNIX user, never an administrator...so I am stumbling around looking for information.
I don't know too much about what is onboard in terms of hardware, however; I will try my best.
We have SCO 5.07 and have applied MP5.
We have a quad core processor with 4 250 GB... (1 Reply)
Can anyone help me with this section of code?
The scenario is a value drops from A to B or A to C or B to C.
If it drops from A to B or B to C, we print "Drop one level"
If it drops from A to C, we print "Dropped two levels".
The problem is script is throwing error when comparing variable... (2 Replies)
I had a question in my test which asked where suppose user B has a program with 's' bit set. Can user A run this program and gain root privileges in any way?
I suppose not as the suid program run with privileges of owner and this program will run with B's privileges and not root. (1 Reply)