Lcap (cont) root# lcap -v CAP_SYS_PTRACE Current capabilities: 0xFFFFFEFF Removing capabilities: 19) CAP_SYS_PTRACE strace(2) root# lcap Current capabilities: 0xFFF7FEFF 0) *CAP_CHOWN 1) *CAP_DAC_OVERRIDE 2) *CAP_DAC_READ_SEARCH 3) *CAP_FOWNER 4) *CAP_FSETID 5) *CAP_KILL 6) *CAP_SETGID 7) *CAP_SETUID 8) CAP_SETPCAP 9) *CAP_LINUX_IMMUTABLE 10) *CAP_NET_BIND_SERVICE 11) *CAP_NET_BROADCAST ... root# strace /bin/ls strace: exec: Operation not permitted
Copyright 2003, Bri Hatch of Onsight, Inc.
Presented at ISSA Puget Sound, 2003.
Presentation created using vim and MagicPoint.