Hasty Briefsbeta

Bilingual

Linux Capabilities Revisited

6 months ago
  • #Capabilities
  • #Linux
  • #Security
  • Linux capabilities divide root privileges into distinct units for more granular access control.
  • Capabilities can be queried using commands like `capsh --print` and `cat /proc/sys/kernel/cap_last_cap`.
  • The `setcap` command is used to set capabilities on executables, such as `cap_setuid+ep` for Python.
  • Capabilities can be exploited to escalate privileges without setting SUID/SGID bits.
  • Tools like `getcap -r` and LinPEAS help in hunting for files with capabilities set.
  • Elastic provides a rule to detect the use of `setcap` for setting capabilities.
  • Extended permissions like capabilities are stored in the file's inode and can be viewed using `getfattr`.
  • Monitoring capabilities is essential for comprehensive security audits.
About|Login