Why is CapEff all zeros in /proc/$PID/status

I removed the setuid bit from the ping binary and added cap_net_raw+p, namely:

    $ chmod 755 /bin/ping
    $ setcap cap_net_raw+p /bin/ping

Then I ran ping in one terminal and checked /proc/$PID/status of the current process from another:

    $ ps aux | grep ping
    user  5468  0.0  0.0  14948  1792 pts/20  S+  11:14  0:00 ping www.google.com
    user  5471  0.0  0.0  14224   896 pts/2   S+  11:14  0:00 grep --color=auto ping
    $ cat /proc/5468/status | grep Cap
    CapInh: 0000000000000000
    CapPrm: 0000000000002000
    CapEff: 0000000000000000
    CapBnd: 0000003fffffffff
    CapAmb: 0000000000000000

If ping is currently running, why is CapEff: 0000000000000000? Should cap_net_raw be in the effective set? Does /proc/$PID/status not reflect the state of the current thread?

1 answer

A helpful person in #kernelnewbies on OFTC (IRC) was kind enough to give me an answer.

ping sets cap_net_raw in the effective set, creates a socket, then drops cap_net_raw, as seen with strace:

    $ strace -e socket,capset ping -c1 localhost
    capset({_LINUX_CAPABILITY_VERSION_3, 0}, {CAP_NET_RAW, CAP_NET_ADMIN|CAP_NET_RAW, 0}) = 0
    socket(PF_INET, SOCK_RAW, IPPROTO_ICMP) = 3
    capset({_LINUX_CAPABILITY_VERSION_3, 0}, {0, CAP_NET_ADMIN|CAP_NET_RAW, 0}) = 0

Once the socket is open, no privileges are required to write to it anymore.

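As an added illustration (not part of the original question or answer), this Python sketch decodes the Cap* masks of /proc/$PID/status and lists the capabilities that a process holds in its permitted set but has not currently raised into its effective set. The embedded sample is constructed from the values quoted in the question; the function names are this example's own.

```python
import re

# Capability bit numbers as defined in <linux/capability.h>, bit 0 first.
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw "
    "ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct "
    "sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod "
    "lease audit_write audit_control setfcap mac_override mac_admin syslog "
    "wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"
).split()

# Constructed sample: the Cap* lines quoted in the question above.
SAMPLE_STATUS = """\
Name:\tping
CapInh:\t0000000000000000
CapPrm:\t0000000000002000
CapEff:\t0000000000000000
CapBnd:\t0000003fffffffff
CapAmb:\t0000000000000000
"""

def decode_mask(mask):
    """Return the names of the capabilities whose bits are set in mask."""
    names = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            # Bits newer than this table are reported by number.
            names.append("cap_" + CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"cap_{bit}")
    return names

def parse_cap_sets(status_text):
    """Map each Cap* field of a status file to its integer bitmask."""
    fields = re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", status_text, re.M)
    return {m.group(1): int(m.group(2), 16) for m in fields}

def held_but_not_effective(status_text):
    """Capabilities in CapPrm that are not raised in CapEff right now."""
    sets = parse_cap_sets(status_text)
    return decode_mask(sets["CapPrm"] & ~sets["CapEff"])

def read_status(pid="self"):
    """Read a live status file (Linux only)."""
    with open(f"/proc/{pid}/status") as f:
        return f.read()

if __name__ == "__main__":
    print("permitted but not effective:", held_but_not_effective(SAMPLE_STATUS))
```

To inspect a running process instead of the sample, pass `read_status(pid)` to `held_but_not_effective`.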

Source: https://habr.com/ru/post/1243268/

