CAPTEST: - Online Linux Manual PageSection : 8
Updated : Sept 2020
Source : Red Hat
Note : System Administration Utilities
NAMEcaptest − a program to demonstrate capabilities
SYNOPSIScaptest [ −−ambient −−drop-all | −−drop-caps | −−id ] [ −−init-grp ] [ −−lock ] [ −−text ]
DESCRIPTIONcaptest is a program that demonstrates and prints out the current process capabilities. Each option prints the same report. It will output current capabilities. then it will try to access /etc/shadow directly to show if that can be done. Then it creates a child process that attempts to read /etc/shadow and outputs the results of that. Then it outputs the capabilities that a child process would have. You can also apply file system capabilities to this program to study how they work. For example, filecap /usr/bin/captest chown. Then run captest as a normal user. Another interesting test is to make captest suid root so that you can see what the interaction is between root's credentials and capabilities. For example, chmod 4755 /usr/bin/captest. When run as a normal user, the program will see if privilege escalation is possible. But do not leave this app setuid root after you are don testing so that an attacker cannot take advantage of it.
OPTIONS−−ambient This attempts to add CAP_CHOWN ambient capability. −−drop-all This drops all capabilities including ambient and clears the bounding set. −−drop-caps This drops just traditional capabilities. −−id This changes to uid and gid 99, drops supplemental groups, and clears the bounding set. −−init-grp This changes to uid and gid 99 and then adds any supplemental groups that comes with that account. You would have add them prior to testing because by default there are no supplemental groups on account 99. −−text This option outputs the effective capabilities in text rather than numerically. −−lock This prevents the ability for child processes to regain privileges if the uid is 0.
SEE ALSOfilecap(8), capabilities(7)
AUTHORSteve Grubb 0
Johanes Gumabo
Data Size : 5,972 byte
man-captest.8Build : 2024-12-05, 20:55 :
Visitor Screen : x
Visitor Counter ( page / site ) : 2 / 199,720
Visitor ID : :
Visitor IP : 3.137.214.16 :
Visitor Provider : AMAZON-02 :
Provider Position ( lat x lon ) : 39.962500 x -83.006100 : x
Provider Accuracy Radius ( km ) : 1000 :
Provider City : Columbus :
Provider Province : Ohio , : ,
Provider Country : United States :
Provider Continent : North America :
Visitor Recorder : Version :
Visitor Recorder : Library :
Online Linux Manual Page : Version : Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page : Library : lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page : Library : lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base : Version : Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base : Library : lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36
Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.