# Leveraging file capabilities on shared libraries

This directory contains an example of a shared library (`capso.so`)
that can be installed with file capabilities. When the library is
linked against an unprivileged program, it includes internal support
for re-invoking itself as a child subprocess to execute a privileged
operation on behalf of the parent.

The idea for doing this evolved from the way `pam_unix.so` is able
to leverage a separate program, and from `libcap`'s recently added
support for binary execution of all the `.so` files built by the
package.

The actual program example `./bind` leverages the
`"cap_net_bind_service=p"` enabled `./capso.so` file to bind to the
privileged port 80.

A writeup of how to build and explore the behavior of this example is
provided on the `libcap` distribution website:

https://sites.google.com/site/fullycapable/capable-shared-objects
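
An added sketch of the helper pattern described above (not libcap's own `capso` code): a child does the `bind()` and hands the socket back to its unprivileged parent. It assumes the descriptor is passed with `SCM_RIGHTS` over a `socketpair()`; `helper_bind()` and `xfer_fd()` are hypothetical names, and a plain `fork()` stands in for re-invoking `capso.so`, so it is run against port 0 rather than port 80.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send fd over chan when fd >= 0; otherwise receive one and return it. */
static int xfer_fd(int chan, int fd) {
    char byte = 0;
    union { struct cmsghdr h; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof(u.buf) };
    memset(&u, 0, sizeof(u));
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (fd >= 0) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(chan, &msg, 0) != 1 || !(c = CMSG_FIRSTHDR(&msg))) return -1;
    if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Hypothetical helper_bind(): the forked child stands in for the re-invoked library. */
int helper_bind(unsigned short port) {
    int sp[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) { /* child: the only code that would need cap_net_bind_service */
        struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
        a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
        int s = socket(AF_INET, SOCK_STREAM, 0);
        if (s < 0 || bind(s, (struct sockaddr *)&a, sizeof(a)) != 0) _exit(1);
        _exit(xfer_fd(sp[1], s) == 0 ? 0 : 2);
    }
    close(sp[1]); /* parent keeps only its end, so a failed child reads as EOF */
    int fd = pid > 0 ? xfer_fd(sp[0], -1) : -1;
    close(sp[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return fd;
}

int main(void) { /* port 0 (ephemeral) is a constructed input; runs unprivileged */
    int fd = helper_bind(0);
    return fd < 0 || listen(fd, 1) != 0;
}
```

The parent never holds the capability itself: it only receives an already-bound descriptor, which keeps the privileged code path confined to the short-lived child.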