| Server IP : 13.213.54.232 / Your IP : 216.73.216.72 Web Server : Apache/2.4.52 (Ubuntu) System : Linux ip-172-31-17-110 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 7.1.33-67+ubuntu22.04.1+deb.sury.org+1 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /proc/246939/root/usr/share/doc/libcap2-bin/ |
Upload File : |
Please check http://www.friedhoff.org/posixfilecaps.html to get more
information on POSIX File Capabilities.
Example: how to remove the SUID root bit from /bin/ping?
--------------------------------------------------------
Make sure you have kernel 2.6.24 or newer you have
CONFIG_SECURITY_CAPABILITIES and CONFIG_SECURITY_FILE_CAPABILITIES
enabled. The Debian kernels are fine.
$ ls -l /bin/ping
-rwsr-xr-x 1 root root 30736 2007-01-31 00:10 /bin/ping
^
That is not good.
$ sudo chmod 755 /bin/ping
Or use dpkg-statoverride.
$ ls -l /bin/ping
-rwxr-xr-x 1 root root 30736 2007-01-31 00:10 /bin/ping
That is better but ping fails.
$ ping -c1 localhost
ping: icmp open socket: Operation not permitted
Now set the missing capability:
$ sudo setcap cap_net_raw+ep /bin/ping
... and ping will work again.
$ ping -c1 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.026 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.026/0.026/0.026/0.000 ms
Torsten Werner