Capability Bounding Set

All capabilities are available by default.
Capability bounding set status is a kernel variable.
    Available via /proc/sys/kernel/cap-bound
When a capability is removed from the system, it's gone for good. (Unless you have CAP_SYS_MODULE available)
Can be modified easily using Lcap
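
The bounding set handled as a bitmask, in an added example that is not part of the original slides. It assumes the value in /proc/sys/kernel/cap-bound is an integer in which bit N stands for capability number N from linux/capability.h (numbers 0 to 28 on kernels of that era); the helper names are hypothetical and the sample values are constructed.

```python
# Added example: decode and edit a capability bounding set bitmask.
# Assumption: bit N of the value stands for capability number N in
# linux/capability.h (numbers 0..28 on 2.4-era kernels).
CAPS = ["CAP_" + n for n in """
    CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
    SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
    IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
    SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD
    LEASE""".split()]

def parse_mask(text):
    """Turn the integer text read from cap-bound into an unsigned 32-bit mask."""
    return int(text.strip(), 0) & 0xFFFFFFFF

def as_signed(mask):
    """Show the mask the way a signed 32-bit integer prints."""
    return mask - (1 << 32) if mask & 0x80000000 else mask

def missing(mask):
    """Names of the capabilities that have been removed from the set."""
    return [name for bit, name in enumerate(CAPS) if not (mask >> bit) & 1]

def drop(mask, *names):
    """Return the mask with the named capabilities cleared."""
    for name in names:
        mask &= ~(1 << CAPS.index(name))
    return mask & 0xFFFFFFFF

def removal_is_permanent(mask):
    """Per the slide: a removed capability stays gone unless CAP_SYS_MODULE
    is still available, so check whether CAP_SYS_MODULE itself was removed."""
    return "CAP_SYS_MODULE" in missing(mask)

if __name__ == "__main__":
    full = parse_mask("-1")            # constructed sample: every bit set
    locked = drop(full, "CAP_SYS_MODULE", "CAP_SYS_RAWIO")
    for label, m in (("full", full), ("locked", locked)):
        print(label, as_signed(m), hex(m), missing(m), removal_is_permanent(m))
```
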
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at ISSA Puget Sound, 2003.
Presentation created using vim and MagicPoint.