blob: df2e87803f1ce04d02f077d36fea225f14d5f423 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
# Leveraging file capabilities on shared libraries
This directory contains an example of a shared library (`capso.so`)
that can be installed with file capabilities. When the library is
linked against an unprivileged program, it includes internal support
for re-invoking itself as a child subprocess to execute a privileged
operation on bahalf of the parent.
The idea for doing this was evolved from the way `pam_unix.so` is able
to leverage a separate program, and `libcap`'s recently added support
for supporting binary execution of all the `.so` files built by the
package.
The actual program example `./bind` leverages the
`"cap_net_bind_service=p"` enabled `./capso.so` file to bind to the
privileged port 80.
A writeup of how to build and explore the behavior of this example is
provided on the `libcap` distribution website:
https://sites.google.com/site/fullycapable/capable-shared-objects
|
