Man Linux: Main Page and Category List


       captest - a program to demonstrate capabilities


       captest [ --drop-all | --drop-caps | --id ] [ --lock ] [ --text ]


       captest  is  a  program  that  demonstrates  and prints out the current
       process capabilities. Each option  prints  the  same  report.  It  will
       output  current  capabilities.  then  it will try to access /etc/shadow
       directly to show if that can be done. Then it creates a  child  process
       that attempts to read /etc/shadow and outputs the results of that. Then
       it outputs the capabilities that a child process would have.

       You can also apply file system capabilities to this  program  to  study
       how  they  work.  For example, filecap /usr/bin/captest chown. Then run
       captest as a normal user. Another interesting test is to  make  captest
       suid  root  so  that you can see what the interaction is between root’s
       credentials and capabilities. For example, chmod 4755 /usr/bin/captest.
       When run as a normal user, the program will see if privilege escalation
       is possible. But do not leave this app setuid root after  you  are  don
       testing so that an attacker cannot take advantage of it.


              This drops all capabilities and clears the bounding set.

              This drops just traditional capabilities.

       --id   This  changes  to uid and gid 99, drops supplemental groups, and
              clears the bounding set.

       --text This option outputs the effective capabilities  in  text  rather
              than numerically.

       --lock This   prevents  the  ability  for  child  processes  to  regain
              privileges if the uid is 0.


       filecap(8), capabilities(7)


       Steve Grubb