The libcap-ng library is intended to make programming with posix
capabilities much easier than the traditional libcap library.
It includes utilities that can analyse all currently running
applications and print out any capabilities and whether or not it
has an open ended bounding set. An open bounding set without the
securebits "NOROOT" flag will allow full capabilities escalation
for applications retaining uid 0 simply by calling execve.
The included utilities are designed to let administrators and
developers spot applications from various ways that may be running
with too much privilege. For example, any investigation should
start with network facing applications since they would be prime
targets for intrusion.
The netcap program will check all running applications and display
the results. |