Non-capabilities aware programs
  You can create suid wrappers to drop all but needed capabilities before exec'ing a binary
  exec'd programs still won't drop extra privs unless patched
  What a pain in the butt

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at ISSA Puget Sound, 2003.

Presentation created using vim and MagicPoint.