# Leveraging file capabilities on shared libraries

This directory contains an example of a shared library (`capso.so`)
that can be installed with file capabilities. When the library is
linked against an unprivileged program, it includes internal support
for re-invoking itself as a child subprocess to execute a privileged
operation on bahalf of the parent.

The idea for doing this was evolved from the way `pam_unix.so` is able
to leverage a separate program, and `libcap`'s recently added support
for supporting binary execution of all the `.so` files built by the
package.

The actual program example `./bind` leverages the
`"cap_net_bind_service=p"` enabled `./capso.so` file to bind to the
privileged port 80.

A writeup of how to build and explore the behavior of this example is
provided on the `libcap` distribution website:

https://sites.google.com/site/fullycapable/capable-shared-objects