lcap is available from One snag with lcap: if you remove CAP_SYS_MODULE in version 0.0.6, it will claim that no capabilities are set. A peculiar side effect of removing CAP_SYS_MODULE is that future read accesses to cap-bound are denied. Therefore, you should probably remove CAP_SYS_MODULE last.

libcap can be found at In addition to providing a portable interface to the kernel capability system, libcap comes bundled with utilities like setpcaps, getpcaps, execcap and sucap that should come in handy.

See for some nifty security patches and other applications you may enjoy.

If all this talk of capabilities is making your mouth water, you might want to check out LIDS (the Linux Intrusion Detection System) for some really cool stuff.

An interesting discussion on the Linux kernel mailing list about direct hardware access risks can be found at

See for BugTraq information on a recent ping vulnerability. It appears unexploitable but certainly gave us a scare at the time.