Question: Setuid root binaries and capabilities Choose at least four setuid root binaries, each of which requires a distinct set of Linux capabilities. Below is a
Setuid root binaries and capabilities
Choose at least four setuid root binaries, each of which requires a distinct set of Linux capabilities. Below is a sample list:
passwd mount ping sudo
You can look at alternatives, e.g., su instead of sudo, but don't look at both as they require similar capabilities.
For each binary, determine what capabilities it requires to function properly. How can you figure this out without reading the source?
Try removing the setuid bit from the file and replacing it with file-based capabilities using setcap. Can you get it to work as before?
Can you create a program that, given one capability, is able to get other capabilities that it wasn't explicitly given? Which capabilities are useful for getting other capabilities?
Setuid root binaries and capabilities Choose at least four setuid root binaries, each of which requires a distinct set of Linux capabilities. Below is a sample list passwd mount ping sudo You can look at alternatives, e.g., su instead of sudo, but don't look at both as they require similar capabilities. For each binary, determine what capabilities it requires to function properly. How can you figure this out without reading the source? Try removing the setuid bit from the file and replacing it with file-based capabilities using setcap. Can you get it to work as before? Can you create a program that, given one capability, is able to get other capabilities that it wasn't explicitly given? Which capabilities are useful for getting other capabilities? Setuid root binaries and capabilities Choose at least four setuid root binaries, each of which requires a distinct set of Linux capabilities. Below is a sample list passwd mount ping sudo You can look at alternatives, e.g., su instead of sudo, but don't look at both as they require similar capabilities. For each binary, determine what capabilities it requires to function properly. How can you figure this out without reading the source? Try removing the setuid bit from the file and replacing it with file-based capabilities using setcap. Can you get it to work as before? Can you create a program that, given one capability, is able to get other capabilities that it wasn't explicitly given? Which capabilities are useful for getting other capabilities
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help