  1. bind.c
  2. capso.c
  3. capso.h
  4. Makefile

Leveraging file capabilities on shared libraries

This directory contains an example of a shared library that can be installed with file capabilities. When the library is linked against an unprivileged program, it includes internal support for re-invoking itself as a child subprocess to execute a privileged operation on behalf of the parent.

The idea for doing this was evolved from the way is able to leverage a separate program, and libcap's recently added support for supporting binary execution of all the .so files built by the package.

The actual program example ‘bind’ leverages the “cap_net_bind_service=p” ./ file to bind to the privileged port 80.
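To audit whether an installed file really carries “cap_net_bind_service=p” and nothing broader, the `security.capability` extended attribute can be decoded directly. The following is an added example, not code from this directory or from libcap; the function names and the sample byte arrays are hypothetical and constructed for illustration, and it assumes the Linux on-disk layout of that attribute (little-endian magic word followed by permitted/inheritable pairs).

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/xattr.h>

#define REV_MASK      0xFF000000u  /* revision lives in the top byte of the magic */
#define REV_1         0x01000000u  /* 12-byte attribute, 32 capability bits */
#define REV_2         0x02000000u  /* 20-byte attribute, 64 capability bits */
#define REV_3         0x03000000u  /* 24-byte attribute, adds a namespace root id */
#define FLAG_EFFECTIVE 0x1u        /* the "e" in a textual capability such as "=ep" */
#define NET_BIND_BIT  10           /* CAP_NET_BIND_SERVICE */

static uint32_t le32(const unsigned char *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode a raw security.capability value.
 * Returns -1 malformed, 0 capability not permitted,
 *          1 permitted only ("=p"), 2 permitted and effective ("=ep"). */
int net_bind_in_xattr(const unsigned char *buf, size_t len) {
    if (len < 4) return -1;
    uint32_t magic = le32(buf), rev = magic & REV_MASK;
    size_t need = rev == REV_1 ? 12 : rev == REV_2 ? 20 : rev == REV_3 ? 24 : 0;
    if (need == 0 || len != need) return -1;   /* size must match the revision */
    uint32_t permitted_low = le32(buf + 4);    /* capability bits 0..31 */
    if (!(permitted_low & (1u << NET_BIND_BIT))) return 0;
    return (magic & FLAG_EFFECTIVE) ? 2 : 1;
}

/* Read the attribute from a file; 0 also covers "no attribute or unreadable". */
int net_bind_on_file(const char *path) {
    unsigned char buf[24];
    ssize_t n = getxattr(path, "security.capability", buf, sizeof buf);
    return n < 0 ? 0 : net_bind_in_xattr(buf, (size_t)n);
}

/* Constructed samples: revision 2, permitted = 1 << 10, remaining bytes zero. */
const unsigned char SAMPLE_P[20]  = {0x00, 0x00, 0x00, 0x02, 0x00, 0x04};
const unsigned char SAMPLE_EP[20] = {0x01, 0x00, 0x00, 0x02, 0x00, 0x04};

int main(int argc, char **argv) {
    printf("sample =p  -> %d\n", net_bind_in_xattr(SAMPLE_P, sizeof SAMPLE_P));
    printf("sample =ep -> %d\n", net_bind_in_xattr(SAMPLE_EP, sizeof SAMPLE_EP));
    for (int i = 1; i < argc; i++)   /* optionally check real files */
        printf("%s -> %d\n", argv[i], net_bind_on_file(argv[i]));
    return 0;
}
```

A result of 1 matches the permitted-only grant described above; a result of 2 means the effective flag is also set on the file.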

A writeup of how to explore this example is provided here: