Hands-On System Programming with Linux

by Kaiwan N. Billimoria, Tigran Aivazian
October 2018
Content level: Beginner
794 pages
19h 23m
English
Packt Publishing
Content preview from Hands-On System Programming with Linux

Embedding capabilities into a program binary

We have seen that the fine granularity of the capabilities model is a major security advantage over the old-style root-only or setuid-root approach. So, back to our fictional packcap program: we would like to use capabilities, and not setuid-root. Let's say that, upon careful study of the available capabilities, we conclude that we would like our program to be endowed with the following capabilities:

  • CAP_NET_ADMIN
  • CAP_NET_RAW

Looking up the man page on credentials(7) reveals that the first of them gives a process the ability to perform all required network administrative tasks; the second, the ability to use "raw" sockets.

But how exactly does the developer embed these required capabilities ...
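As an added example (not code from the book), this C program reads the CapEff mask from /proc/self/status and reports whether the process holds exactly CAP_NET_ADMIN and CAP_NET_RAW, more than that, or less. The function names and verdict codes are assumptions made for this illustration; the bit numbers 12 and 13 are the values defined in <linux/capability.h>.

```c
/* Added example: least-privilege audit of a process's effective capabilities. */
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>

/* Bit numbers as in <linux/capability.h>; redefined so the file builds alone. */
#define BIT_CAP_NET_ADMIN 12
#define BIT_CAP_NET_RAW   13
#define WANTED ((UINT64_C(1) << BIT_CAP_NET_ADMIN) | (UINT64_C(1) << BIT_CAP_NET_RAW))

/* Find "<field>:\t<hex mask>" (e.g. CapEff) at the start of a line in the
 * text of /proc/<pid>/status. Returns 0 on success, -1 if absent/unparsable. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t n = strlen(field);
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, field, n) == 0 && p[n] == ':')
            return sscanf(p + n + 1, "%" SCNx64, mask) == 1 ? 0 : -1;
        p = strchr(p, '\n');          /* advance to the next line */
        if (p) p++;
    }
    return -1;
}

/* 0 = exactly the two wanted capabilities, 1 = extra capabilities present
 * (over-privileged, e.g. running as root), 2 = a wanted capability missing. */
int audit_mask(uint64_t mask)
{
    if ((mask & WANTED) != WANTED) return 2;
    if (mask & ~WANTED) return 1;
    return 0;
}

int main(void)
{
    char buf[8192];
    uint64_t eff;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("fopen"); return 3; }
    size_t got = fread(buf, 1, sizeof buf - 1, f);
    buf[got] = '\0';
    fclose(f);
    if (parse_cap_field(buf, "CapEff", &eff) != 0) { fprintf(stderr, "no CapEff\n"); return 3; }
    printf("CapEff=%016" PRIx64 " verdict=%d\n", eff, audit_mask(eff));
    return audit_mask(eff);
}
```

Run as an ordinary user it returns 2 (both capabilities missing); run as root it returns 1, because root's effective set contains far more than the two bits the program needs.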


ISBN: 9781788998475