Last active
July 9, 2018 18:29
setcap to allow a program to listen on privileged ports
setcap grants root-like permissions, so there are additional constraints on the binary.
A binary with capabilities set this way ignores the LD_PRELOAD and LD_LIBRARY_PATH environment variables, so if you used these, you'll have to find another way.
One option is to use the RPATH entry in the Dynamic section of an ELF binary.
# Ubuntu is weird and calls the 'nc' binary 'nc.openbsd' - that's a rant for another time.
% nc.openbsd -l 123
nc.openbsd: Permission denied
% sudo setcap cap_net_bind_service=+ep /bin/nc.openbsd
% nc.openbsd -l 123
works....
^C
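To audit what the setcap call above leaves on a file, the following added example (not part of the original gist) decodes the `security.capability` extended attribute, which is where Linux stores file capabilities. It goes beyond the gist's single case by handling all three on-disk revisions; the function names and the sample bytes are constructed for illustration, and only a handful of capability numbers are named.

```python
import os
import struct
import sys

# Constants from <linux/capability.h>
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> (number of 32-bit permitted/inheritable pairs, total xattr size in bytes)
REVISIONS = {0x01000000: (1, 12), 0x02000000: (2, 20), 0x03000000: (2, 24)}
# Subset of capability numbers; anything else is reported as cap_<n>.
CAP_NAMES = {0: "cap_chown", 10: "cap_net_bind_service", 12: "cap_net_admin",
             13: "cap_net_raw", 21: "cap_sys_admin"}

# Constructed sample: the revision-2 xattr for cap_net_bind_service=+ep.
SAMPLE = bytes.fromhex("01000002" "00040000" "00000000" "00000000" "00000000")

def _names(mask):
    return [CAP_NAMES.get(b, f"cap_{b}") for b in range(64) if mask >> b & 1]

def decode_file_caps(raw):
    """Decode a raw security.capability value (little-endian vfs_cap_data)."""
    if len(raw) < 4:
        raise ValueError("xattr too short")
    (magic,) = struct.unpack_from("<I", raw)
    rev = magic & VFS_CAP_REVISION_MASK
    if rev not in REVISIONS:
        raise ValueError(f"unknown revision {rev:#x}")
    pairs, size = REVISIONS[rev]
    if len(raw) != size:
        raise ValueError(f"expected {size} bytes, got {len(raw)}")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"permitted": _names(permitted), "inheritable": _names(inheritable),
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}

def read_file_caps(path):
    """Return decoded capabilities for path, or None if it has none (Linux only)."""
    try:
        return decode_file_caps(os.getxattr(path, "security.capability"))
    except OSError:  # no capability xattr set, or the file is not readable
        return None

if __name__ == "__main__":
    print("constructed sample:", decode_file_caps(SAMPLE))
    for path in sys.argv[1:]:
        print(path, read_file_caps(path))
```

Passing binary paths as arguments lists any file capabilities they carry, which is a quick way to review which programs on a host have been granted them.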