Linux Capabilities (cont)

CAP_SETPCAP: Allow you to transfer any capability you possess to another PID.
CAP_LINUX_IMMUTABLE: Allow modification of immutable and append file attributes.
CAP_NET_BIND_SERVICE: Allow binding of TCP and UDP ports below 1024.
CAP_NET_BROADCAST: Allow outbound broadcast packets.
CAP_NET_ADMIN: Allow many options related to network interfaces, such as routing table modification, etc.
CAP_NET_RAW: Allow use of raw and packet sockets. (For hand-crafted packets, for example.)
CAP_IPC_LOCK: Allow locking of shared memory segments.
CAP_IPC_OWNER: Allow unrestricted IPC access.
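
Added example, not part of the original presentation: a small audit helper that decodes the CapPrm/CapEff masks from a process's /proc/<pid>/status text and reports which of the capabilities listed above are active, and which are permitted but not currently effective. The bit numbers come from <linux/capability.h>; the function names and the sample status text are constructed for illustration.

```python
# Added example: decode Cap* masks from /proc/<pid>/status text.
# Bit numbers are from <linux/capability.h>; only this slide's capabilities are named.
SLIDE_CAPS = {
    8: "CAP_SETPCAP",
    9: "CAP_LINUX_IMMUTABLE",
    10: "CAP_NET_BIND_SERVICE",
    11: "CAP_NET_BROADCAST",
    12: "CAP_NET_ADMIN",
    13: "CAP_NET_RAW",
    14: "CAP_IPC_LOCK",
    15: "CAP_IPC_OWNER",
}
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd")

def parse_cap_masks(status_text):
    """Return {field: int mask} for the Cap* lines of a status file."""
    masks = {}
    for line in status_text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name in CAP_FIELDS:
            masks[name] = int(value.strip(), 16)
    return masks

def decode_mask(mask):
    """Split a mask into (named slide capabilities, other set bit numbers)."""
    named = [SLIDE_CAPS[b] for b in sorted(SLIDE_CAPS) if mask >> b & 1]
    other = [b for b in range(mask.bit_length()) if mask >> b & 1 and b not in SLIDE_CAPS]
    return named, other

def audit(status_text):
    """Report slide capabilities usable now (CapEff) or held only in CapPrm (dormant)."""
    masks = parse_cap_masks(status_text)
    if "CapEff" not in masks or "CapPrm" not in masks:
        raise ValueError("status text has no CapEff/CapPrm lines")
    effective, _ = decode_mask(masks["CapEff"])
    permitted, _ = decode_mask(masks["CapPrm"])
    dormant = [c for c in permitted if c not in effective]
    return {"effective": effective, "dormant": dormant}

# Constructed sample: a daemon holding CAP_NET_BIND_SERVICE and CAP_NET_RAW
# in its permitted set, with only CAP_NET_BIND_SERVICE currently effective.
SAMPLE_STATUS = """Name:\texampled
Pid:\t4242
CapInh:\t0000000000000000
CapPrm:\t0000000000002400
CapEff:\t0000000000000400
CapBnd:\t000001ffffffffff
"""
```

Calling `audit(open("/proc/self/status").read())` on a live system gives the same report for the current process; a capability that shows up as dormant can still be raised into the effective set by the process itself.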
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at ISSA Puget Sound, 2003.
Presentation created using vim and MagicPoint.