Skip to main content
Unix & Linux

Return to Question

Formatting
Source Link
AdminBee
AdminBee
  • 23.6k
  • 25
  • 55
  • 77

Currently I'm trying to understand capabilities in Linux by reading http://man7.org/linux/man-pages/man7/capabilities.7.html

I created a small C++ application with the capability CAP_DAC_READ_SEARCH+eipCAP_DAC_READ_SEARCH+eip

The capability works fine for the application. But I have a system() call inside

system("cat /dev/mtdX > targetFile"); call inside

system("cat /dev/mtdX > targetFile");

How I can inherit the capability to this call?

Edit: IEdit:

I know that system()system() is driven by fork()fork() + execl()execl(). In the documentation is mentioned, that with forkfork() the child process get the same capabilities as the parent process. But why doesis the read capability is not inherited?

Currently I'm trying to understand capabilities in Linux by reading http://man7.org/linux/man-pages/man7/capabilities.7.html

I created a small C++ application with the capability CAP_DAC_READ_SEARCH+eip

The capability works fine for the application. But I have a system() call inside

system("cat /dev/mtdX > targetFile");

How I can inherit the capability to this call?

Edit: I know that system() is driven by fork() + execl(). In the documentation is mentioned, that with fork the child process get the same capabilities as the parent process. But why does the read capability is not inherited?

Currently I'm trying to understand capabilities in Linux by reading http://man7.org/linux/man-pages/man7/capabilities.7.html

I created a small C++ application with the capability CAP_DAC_READ_SEARCH+eip

The capability works fine for the application. But I have a system() call inside

system("cat /dev/mtdX > targetFile");

How I can inherit the capability to this call?

Edit:

I know that system() is driven by fork() + execl(). In the documentation is mentioned, that with fork() the child process get the same capabilities as the parent process. But why is the read capability not inherited?

added 230 characters in body
Source Link
svanschu
svanschu
  • 63
  • 8

Currently I'm trying to understand capabilities in Linux by reading http://man7.org/linux/man-pages/man7/capabilities.7.html

I created a small C++ application with the capability CAP_DAC_READ_SEARCH+eip

The capability works fine for the application. But I have a system() call inside

system("cat /dev/mtdX > targetFile");

How I can inherit the capability to this call?

Edit: I know that system() is driven by fork() + execl(). In the documentation is mentioned, that with fork the child process get the same capabilities as the parent process. But why does the read capability is not inherited?

Currently I'm trying to understand capabilities in Linux by reading http://man7.org/linux/man-pages/man7/capabilities.7.html

I created a small C++ application with the capability CAP_DAC_READ_SEARCH+eip

The capability works fine for the application. But I have a system() call inside

system("cat /dev/mtdX > targetFile");

How I can inherit the capability to this call?

Currently I'm trying to understand capabilities in Linux by reading http://man7.org/linux/man-pages/man7/capabilities.7.html

I created a small C++ application with the capability CAP_DAC_READ_SEARCH+eip

The capability works fine for the application. But I have a system() call inside

system("cat /dev/mtdX > targetFile");

How I can inherit the capability to this call?

Edit: I know that system() is driven by fork() + execl(). In the documentation is mentioned, that with fork the child process get the same capabilities as the parent process. But why does the read capability is not inherited?

Source Link
svanschu
svanschu
  • 63
  • 8

Capability inheritable for system() call in C/C++

Currently I'm trying to understand capabilities in Linux by reading http://man7.org/linux/man-pages/man7/capabilities.7.html

I created a small C++ application with the capability CAP_DAC_READ_SEARCH+eip

The capability works fine for the application. But I have a system() call inside

system("cat /dev/mtdX > targetFile");

How I can inherit the capability to this call?