cosa sono e come si usano le capabilities (attributi speciali eseguibili) risultato comandi su 3 distribuzioni: -------------------------------------------------- ubuntu 14.04 (libcap2-bin) sacarde@sacarde-vm:~$ getcap `which ping` /bin/ping = cap_net_raw+p sacarde@sacarde-vm:~$ getcap `which beep` sacarde@sacarde-vm:~$ lsattr `which beep` -------------e-- /usr/bin/beep sacarde@sacarde-vm:~$ lsattr `which ping` -------------e-- /bin/ping sacarde@sacarde-vm:~$ ls -l /usr/bin/beep -rwsr-xr-x 1 root audio 9632 giu 11 2012 /usr/bin/beep sacarde@sacarde-vm:~$ ls -l `which ping` -rwxr-xr-x 1 root root 38932 mar 15 2014 /bin/ping ----------------------------------------------------------------- sles12 (libcap-progs) sacarde@linux:~> sudo getcap `which ping` /usr/bin/ping = cap_net_raw+p sacarde@linux:~> sudo getcap `which beep` /usr/bin/beep = cap_dac_override,cap_sys_tty_config+ep sacarde@linux:~> lsattr `which beep` -------------e-- /usr/bin/beep sacarde@linux:~> lsattr `which ping` -------------e-- /usr/bin/ping sacarde@linux:~> ls -l /usr/bin/beep -rwxr-xr-x 1 root root 11576 ago 16 2014 /usr/bin/beep sacarde@linux:~> ls -l /bin/ping lrwxrwxrwx 1 root root 13 mag 30 10:10 /bin/ping -> /usr/bin/ping --------------------------------------------------------------- fedora 20 (libcap) [sacarde@localhost ~]$ sudo getcap `which ping` /usr/bin/ping = cap_net_admin,cap_net_raw+ep [sacarde@localhost ~]$ sudo getcap `which beep` [sacarde@localhost ~]$ lsattr `which ping` -------------e-- /usr/bin/ping [sacarde@localhost ~]$ lsattr `which beep` -------------e-- /usr/bin/beep [sacarde@loxalhost ~]$ ls -l `which ping` -rwxr-xr-x. 1 root root 48864 4 ago 2013 /usr/bin/ping [sacarde@localhost ~]$ ls -l `which beep` -rwxr-xr-x. 1 root root 10752 20 nov 2013 /usr/bin/beep ---------------------------------------------------------------- link utili: /usr/src/linux/include/linux/capability.h man capabilities hallyn-reprint-capabilities.pdf http://linux-audit.com/linux-capabilities-hardening-linux-binaries-by-removing-setuid https://guiodic.wordpress.com/2011/05/18/sicurezza-e-gnulinux-6-setuid-e-le-capabilities https://wiki.gentoo.org/wiki/Hardened/Overview_of_POSIX_capabilities |