1# Leveraging file capabilities on shared libraries 2 3This directory contains an example of a shared library (`capso.so`) 4that can be installed with file capabilities. When the library is 5linked against an unprivileged program, it includes internal support 6for re-invoking itself as a child subprocess to execute a privileged 7operation on bahalf of the parent. 8 9The idea for doing this was evolved from the way `pam_unix.so` is able 10to leverage a separate program, and `libcap`'s recently added support 11for supporting binary execution of all the `.so` files built by the 12package. 13 14The actual program example `./bind` leverages the 15`"cap_net_bind_service=p"` enabled `./capso.so` file to bind to the 16privileged port 80. 17 18A writeup of how to build and explore the behavior of this example is 19provided on the `libcap` distribution website: 20 21https://sites.google.com/site/fullycapable/capable-shared-objects 22